Datascope
ReviewAudited by ClawScan on May 18, 2026.
Overview
DataScope is a coherent Membrane integration, but it gives broad ability to modify or delete DataScope business data through bulk actions and raw API proxy calls, so it should be reviewed before use.
Review this skill before installing if your DataScope account can change production or compliance data. Use a least-privileged Membrane/DataScope connection, confirm any create/update/delete or bulk operation before it runs, and avoid raw proxy requests unless you understand the exact API path and impact.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make broad or destructive changes to DataScope metadata, locations, or form answers if the user gives it a privileged connection.
The skill documents both high-impact bulk mutation with soft-delete behavior and a raw API proxy that can issue destructive HTTP methods. The artifacts do not add explicit approval, scoping, or rollback guidance for these operations.
Bulk Update Metadata Objects | bulk-update-metadata-objects | Bulk update metadata list objects with soft delete support for objects not included in the request. ... membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)
Use a least-privileged DataScope connection, require explicit user confirmation before update/delete/bulk actions, and prefer predefined Membrane actions over raw proxy requests.
Actions run through this skill may access or change DataScope data according to the permissions of the connected account.
The skill requires the user to authenticate through Membrane and then uses that delegated connection to call DataScope APIs. This is expected for the integration, but it gives the skill the account privileges of that connection.
membrane login --tenant ... The user completes authentication in the browser. ... Membrane automatically ... injects the correct authentication headers — including transparent credential refresh
Connect with the minimum required DataScope permissions and verify the connection ID before running actions.
Installing the CLI adds executable software to the user's environment.
The skill is instruction-only but asks the user to install a global npm CLI. This is central to the stated Membrane workflow, but it introduces normal package-provenance and local-execution trust considerations.
npm install -g @membranehq/cli
Install the CLI only from the official npm package/source, keep it updated, and avoid running it in sensitive environments unless trusted.