Fintoio

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent Finto.io integration, but it gives broad authenticated access to financial data, including raw API calls that can modify or delete data, with limited guardrails.

Use this skill only if you trust Membrane and intend to let an agent access your Finto.io financial data. Prefer predefined Membrane actions, and require explicit confirmation before any raw API request that creates, updates, or deletes records.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could make broad authenticated changes to financial records or related Finto.io objects simply by choosing the wrong endpoint or HTTP method: the raw proxy forwards whatever request the agent composes, so a mistaken or prompt-injected DELETE is executed with the same authority as a legitimate read.

Why it was flagged

The skill documents a raw Membrane proxy that can issue arbitrary Finto.io API requests, including mutating and deleting methods, instead of only using safer prebuilt actions.

Skill content
membrane request CONNECTION_ID /path/to/endpoint ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE)
Recommendation

Before installing, decide how mutating calls will be gated: require explicit user approval for any POST, PUT, PATCH, or DELETE request (treat anything that is not a plain GET as mutating), and prefer scoped Membrane actions over raw proxy calls.
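One way to enforce that approval step, written here as an added example and not code from the ClawScan review, the skill, or the Membrane CLI: a small gate that parses the `membrane request CONNECTION_ID /path -X METHOD` form quoted above, lets read-only methods through, and asks a human before anything else runs. It assumes the `--method=VALUE` and `-XVALUE` spellings are also accepted and that the default method is GET; those assumptions are mine, not the page's.

```python
"""Confirmation gate for raw `membrane request` calls.

Added example, not Membrane's code. Assumptions (not stated on the page):
  - argv shape: membrane request CONNECTION_ID /path/to/endpoint [flags...]
  - method flag spellings: -X METHOD, --method METHOD, --method=METHOD, -XMETHOD
  - default method when no flag is given: GET
"""
import subprocess  # only used by run_guarded, which is not exercised offline
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # read-only; everything else is gated


@dataclass(frozen=True)
class RequestIntent:
    connection_id: str
    path: str
    method: str


def parse_request_argv(argv):
    """Extract connection id, path and HTTP method from a `membrane request` argv."""
    if len(argv) < 4 or argv[0] != "membrane" or argv[1] != "request":
        raise ValueError("not a `membrane request` invocation")
    connection_id, path = argv[2], argv[3]
    method = "GET"  # assumed default (see module docstring)
    rest = argv[4:]
    i = 0
    while i < len(rest):
        tok = rest[i]
        if tok in ("-X", "--method"):
            if i + 1 >= len(rest):
                raise ValueError("method flag without a value")
            method = rest[i + 1]
            i += 2
            continue
        if tok.startswith("--method="):
            method = tok.split("=", 1)[1]
        elif tok.startswith("-X") and len(tok) > 2:
            method = tok[2:]
        i += 1
    return RequestIntent(connection_id, path, method.upper())


def needs_confirmation(intent):
    """Fail closed: any method that is not a known read-only method needs approval."""
    return intent.method not in SAFE_METHODS


def gate(argv, approve):
    """Return True if the command may run.

    `approve(prompt)` must be answered by the human operator, never by the agent,
    otherwise the gate is just another step the agent can talk itself through.
    """
    intent = parse_request_argv(argv)
    if not needs_confirmation(intent):
        return True
    prompt = (
        f"Allow {intent.method} {intent.path} on connection "
        f"{intent.connection_id}? [y/N] "
    )
    return bool(approve(prompt))


def run_guarded(argv, approve=lambda p: input(p).strip().lower() == "y"):
    """Run the CLI only if the gate passes; returns None when the call was refused."""
    if not gate(argv, approve):
        return None
    return subprocess.run(argv, check=False)


if __name__ == "__main__":
    # Constructed sample invocations; the approve callback here refuses everything,
    # so only the GET is allowed through.
    samples = [
        ["membrane", "request", "conn_1", "/v1/accounts"],
        ["membrane", "request", "conn_1", "/v1/transactions/42", "-X", "DELETE"],
        ["membrane", "request", "conn_1", "/v1/rules", "--method=PATCH"],
    ]
    for argv in samples:
        allowed = gate(argv, approve=lambda p: (print(p + "n"), False)[1])
        print(" ".join(argv), "->", "allowed" if allowed else "refused")
```

The gate only helps if the agent cannot bypass it, for example by invoking the CLI or curl directly with the same credentials; it belongs in whatever wrapper actually launches tools for the agent, and unknown or misspelled methods are deliberately treated as mutating rather than as safe.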

What this means

The connected account may expose financial accounts, transactions, categories, rules, and other business data to actions run through the skill.

Why it was flagged

The skill requires delegated Membrane/Finto.io authentication and ongoing credential refresh to access financial data. This is expected for the integration, but it is sensitive account authority.

Skill content
Requires network access and a valid Membrane account ... Membrane handles authentication and credentials refresh automatically
Recommendation

Connect only the intended Finto.io account, review the permissions granted during authentication, and revoke the Membrane connection when no longer needed.

What this means

Installing a package globally or invoking it with @latest executes code from the npm registry, including the package's lifecycle scripts and dependencies, and an @latest invocation resolves to whatever version is newest at run time, so the CLI's behavior can change between runs without any change on the user's side.

Why it was flagged

The instruction-only skill asks users to install or run an external npm CLI, including an @latest invocation. This is central to the integration, but it depends on external package integrity and version changes.

Skill content
npm install -g @membranehq/cli ... npx @membranehq/cli@latest action list
Recommendation

Install the Membrane CLI from a trusted environment, pin an exact known version instead of @latest (including in the npx invocation, so each run resolves to the same code), and avoid running the CLI with unnecessary system privileges.