Drip

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Drip/Membrane integration, but it requires trusting Membrane and can make real changes to Drip marketing/customer data.

Before installing, make sure you trust Membrane and the Membrane CLI, authenticate only to the intended Drip account, and ask the agent to confirm before making bulk updates, tagging subscribers, tracking events, or subscribing users to campaigns.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI lets third-party software run locally under the user's account.

Why it was flagged

The skill asks the user to install a global CLI from npm using the moving @latest tag. This is purpose-aligned setup, but users must trust the external package source and whatever version is current at install time.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install only from the official package/source, consider pinning or verifying the CLI version, and keep it updated from trusted channels.

What this means

The connected Membrane/Drip account may be used to access or change Drip data within the permissions granted.

Why it was flagged

The skill requires delegated Membrane/Drip authentication and indicates credential refresh is handled automatically. This is expected for the integration, but it grants account access.

Skill content

Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>

Recommendation

Authenticate only to the intended Membrane and Drip accounts, review granted permissions, and revoke the connection when it is no longer needed.

What this means

Mistaken or overly broad actions could update many subscribers, change tags, track events, or subscribe people to campaigns.

Why it was flagged

The documented Drip actions include bulk and mutating operations. These are consistent with the stated management purpose, but they can materially affect customer marketing records.

Skill content

Create or Update Subscribers Batch ... up to 1000 per batch ... Apply Tag to Subscriber ... Remove Tag from Subscriber ... Subscribe to Campaign

Recommendation

Require explicit user confirmation before bulk, campaign, tagging, or other mutating Drip operations, and preview the target records when possible.

What this means

Drip account access and potentially customer/marketing data may pass through or be managed by Membrane.

Why it was flagged

The integration is mediated by Membrane rather than directly by local skill code. This is disclosed and expected, but it means Drip authentication and API interactions depend on an external service boundary.

Skill content

This skill uses the Membrane CLI to interact with Drip. Membrane handles authentication and credentials refresh automatically

Recommendation

Use this only if you trust Membrane for the relevant Drip data and credential handling, and review Membrane's account/security settings.

What this means

Users or agents may misunderstand which Drip resources this skill is meant to operate on.

Why it was flagged

The registry description lists CRM-style objects that do not match the visible Drip overview in SKILL.md, which focuses on subscribers, campaigns, broadcasts, workflows, forms, and events.

Skill content

Description: Drip integration. Manage Persons, Organizations, Deals, Activities, Notes, Files and more.

Recommendation

Verify the available action list for the actual Drip connection before attempting changes, especially for objects named in the registry description.