Docsumo
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a real Docsumo integration, but it gives an agent broad Docsumo account authority, including permanent document deletion and direct API proxying, without clear safety boundaries.
Review this skill before installing. It appears purpose-built for Docsumo, but use it only with a least-privilege account, explicitly approve destructive or administrative actions, and understand that Membrane CLI authentication and proxying will be part of the Docsumo data flow.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could delete or mutate Docsumo business documents or perform broader API operations than the user intended.
The skill exposes generic action execution, an irreversible delete action, and a raw API fallback. These are aligned with managing Docsumo, but the artifact does not show explicit approval or containment rules for destructive or broad account operations.
`Delete Document` ... `Permanently deletes a document from your account` ... `membrane action run <actionId>` ... `send requests directly to the Docsumo API`
Require explicit user confirmation for deletes, status changes, user/role changes, and proxy API calls; use a least-privilege Docsumo connection and preview targeted document IDs before running mutations.

The connected account may give the agent access to Docsumo documents, workspace data, and possibly user or role management depending on the account permissions.
The integration relies on delegated Membrane/Docsumo authentication and automatic credential refresh. That is expected for the stated purpose, but it is sensitive account authority.
`Membrane handles authentication and credentials refresh automatically` and `membrane login --tenant --clientName=<agentType>`
Connect only the intended Docsumo workspace/account, prefer least-privilege credentials, and revoke the Membrane connection when it is no longer needed.

The behavior of the installed CLI can change over time as `latest` moves, and a global CLI has broad local execution ability.
The setup asks the user to install a global npm CLI package at the moving `latest` version. This is central to the Membrane-based integration, but it is an external supply-chain dependency.
`npm install -g @membranehq/cli@latest`
Install from the official package source, consider pinning a known version, and review the CLI trust boundary before using it with Docsumo credentials.

Sensitive document metadata or extracted content may be handled through the configured integration path when the agent runs Docsumo actions.
Potentially sensitive business documents and extracted data are accessed through a Membrane-to-Docsumo integration flow. This is disclosed and purpose-aligned, but users should understand that a third-party integration layer is involved.
`This skill uses the Membrane CLI to interact with Docsumo` and `Docsumo ... invoices, bank statements, and contracts`
Use this only with data you are permitted to process through Membrane/Docsumo, and verify the organization’s data-handling and retention requirements before connecting production document workflows.
