v1.0.4

E Goi

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 4:43 PM.

Analysis

This skill is not clearly malicious, but it can connect with sensitive credentials and modify or delete E-goi marketing data without clear approval or scope safeguards.

Guidance: Before installing, confirm you trust Membrane and the npm CLI package, use a least-privileged E-goi account if possible, and require explicit confirmation before the agent creates, updates, deletes, or runs campaign-related actions.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill tells the agent to consume agent-facing instructions returned from a connection workflow, but does not state that those instructions must be constrained to the user's request or treated as untrusted.

User impact: Returned setup instructions could steer the agent toward actions the user did not explicitly approve.
Recommendation: Treat returned agent instructions as untrusted context; follow them only when they directly match the user's current request and ask for confirmation before account-changing actions.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
`Create Contact`, `Create Email Campaign`, `Create SMS Campaign`, `Update Contact`, `Delete List` ... `membrane action run <actionId> --connectionId=CONNECTION_ID --json`

The skill exposes broad action execution for mutating E-goi resources, including deletion, but does not define approval requirements, dry-run behavior, scope limits, or rollback guidance.

User impact: The agent could accidentally modify customer records, create campaigns, or delete a contact list in the connected E-goi account.
Recommendation: Require explicit user confirmation for create, update, delete, campaign, and bulk operations; verify connection IDs and target resource IDs before running actions.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
`npm install -g @membranehq/cli@latest`

The install instruction pulls the latest global npm package rather than a pinned version, which is a supply-chain exposure even though it is purpose-aligned with using Membrane.

User impact: The installed CLI version could change over time, making behavior less predictable.
Recommendation: Prefer a pinned, reviewed version of the Membrane CLI and install it only from the expected npm package source.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
`npm install -g @membranehq/cli@latest` and `npx @membranehq/cli connection get <id> --wait --json`

Although the skill has no bundled code files, its runtime instructions involve installing and executing npm-distributed command-line code.

User impact: Using the skill runs external CLI code in the user's environment.
Recommendation: Install the CLI only in an environment where running npm packages is acceptable, and review the package source and version before use.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`List Contacts`, `Create Contact`, `Create Email Campaign`, `Create SMS Campaign`, `Update Contact`, `Delete List`

The documented operations can affect shared marketing data and customer communication assets, and the instructions do not include containment steps such as test lists, backups, or confirmation gates.

User impact: A wrong connection, list ID, or action input could affect many contacts or campaigns in the E-goi account.
Recommendation: Test on non-production lists first, confirm target IDs, and require user approval before bulk or destructive actions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
`membrane login --tenant --clientName=<agentType>` ... `Membrane handles authentication and credentials refresh automatically`

The skill requires delegated account login and automatic credential refresh, creating persistent authority over the connected E-goi integration without documenting scopes or privilege boundaries.

User impact: Installing and using the skill may grant ongoing access to sensitive E-goi account data and operations through Membrane.
Recommendation: Use the least-privileged account possible, review granted scopes in Membrane and E-goi, and revoke the connection when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The agent may incorporate returned connection instructions into its working context; this is useful for setup but should not be treated as higher-priority instruction.

User impact: Connection-provided text could influence the agent's next steps if not carefully bounded.
Recommendation: Keep provider-returned instructions subordinate to the user's request and avoid saving them as reusable policy or memory.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This skill uses the Membrane CLI to interact with E-goi. Membrane handles authentication and credentials refresh automatically.

The integration routes E-goi authentication and API interaction through Membrane, a third-party gateway, which is purpose-aligned but important for users to understand.

User impact: E-goi account data and credentials may be processed through Membrane as part of the integration flow.
Recommendation: Use only trusted Membrane accounts, review connection details, and avoid sending unnecessary sensitive E-goi data through the agent.