Ezeep Blue
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent action could change or delete Ezeep Blue account, user, printer, or print-job data.
The skill gives the agent a raw authenticated API escape hatch with mutating and delete methods, but the artifact does not define endpoint limits, confirmation requirements, or safeguards for high-impact changes.
When the available actions don't cover your use case, you can send requests directly to the Ezeep Blue API through Membrane's proxy ... HTTP method (GET, POST, PUT, PATCH, DELETE).
Use safer listed actions when possible, require explicit user confirmation for POST/PUT/PATCH/DELETE and print actions, and restrict the connection to the least privileges needed.
The agent can act through the authenticated Ezeep Blue connection according to the permissions of the connected account.
The skill uses delegated Membrane/Ezeep authentication and automatic credential refresh. This is expected for the integration, but it grants account-level authority to the agent workflow.
membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically
Connect with a least-privilege account, review which Ezeep tenant is connected, and avoid granting administrative access unless needed.
A future CLI version could behave differently from the version reviewed here, and a global install affects the local environment.
The setup instructions install a global npm package using the moving @latest tag. This is central to the skill's purpose, but it means the installed code may change over time.
npm install -g @membranehq/cli@latest
Install from the official npm registry, consider pinning a reviewed CLI version, and use an isolated environment where practical.
Ezeep request data and responses may pass through Membrane's service as part of normal operation.
Ezeep API requests are routed through Membrane, which acts as an authenticated intermediary. This is disclosed and purpose-aligned, but it is an important data boundary.
send requests directly to the Ezeep Blue API through Membrane's proxy. Membrane automatically ... injects the correct authentication headers
Review Membrane's trust, privacy, and access controls before sending sensitive account or print data through the proxy.