Faros
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real Faros/Membrane integration, but it can use tenant-level access for secrets, API keys, and destructive account actions without clear approval or scope limits.
Install only if you intend to let the agent work with your Faros tenant through Membrane. Use the least-privileged account available, review any secret/API-key output carefully, and require explicit confirmation before deletions, account changes, webhook changes, or credential creation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make significant changes to a Faros tenant, including creating keys or deleting accounts, if invoked with sufficient permissions.
The skill exposes broad Membrane action-running authority for Faros, including credential creation and destructive account deletion, without visible instructions requiring explicit user approval or limiting scope.
Use action names and parameters as needed. ... | Create API Key | create-api-key | Creates a new tenant API key | ... | Delete Account | delete-account | Deletes a tenant account |
Only use this with a least-privilege Faros/Membrane account and require explicit user confirmation before any create, update, delete, secret, or API-key action.
If granted broad tenant permissions, the agent may be able to view or create sensitive Faros secrets and API keys.
The skill uses tenant-level authentication and can access sensitive tenant credentials such as API keys and secrets, but the provided artifacts do not clearly bound which privileges are needed or how sensitive outputs are handled.
membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically ... | List API Keys | list-api-keys | Lists all tenant API keys | ... | List Secrets | list-secrets | List all secrets
Use a restricted account where possible, avoid granting secret/API-key permissions unless needed, and review any output containing credentials before sharing or storing it.
The installed CLI version may change over time, and global npm installs can affect the local environment.
The skill instructs users to install the Membrane CLI globally from npm using the moving @latest tag. This is disclosed and purpose-aligned, but it depends on the current npm package version at install time.
npm install -g @membranehq/cli@latest
Install from a trusted environment, consider pinning or reviewing the CLI version, and follow your normal npm package security practices.
A remote connector response may guide the agent's next steps during setup.
The skill allows connection setup responses to include instructions for the agent. This is part of the Membrane workflow, but remote instructions should not override the user's request or higher-priority instructions.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as contextual hints only, and follow them only when they match the user's explicit goal and expected connection flow.
