Float

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a legitimate Float integration, but it can use Membrane credentials to change or delete Float business data and make raw API calls, so it needs careful review before use.

Install only if you intend to use Membrane to access your Float account. Before allowing create, update, delete, or proxy API requests, ask the agent to show the exact action, endpoint, target records, and inputs, and confirm explicitly. Use the least-privileged Float account available and revoke the connection when done.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent mistake or ambiguous request could alter or remove Float people, project, scheduling, or time data.

Why it was flagged

The skill exposes generic execution of actions that can create, update, or delete Float business records, but the provided instructions do not require confirmation, preview, or rollback handling for destructive changes.

Skill content

| Create Person | create-person | ... | Update Project | update-project | ... | Delete Person | delete-person | ... `membrane action run <actionId> --connectionId=CONNECTION_ID --json`

Recommendation

Require explicit user confirmation with the exact target records and inputs before any create, update, or delete operation. Prefer read-only actions unless the user clearly asks for a change.

What this means

A prompt or planning error could cause the agent to call broader Float API endpoints than the user intended.

Why it was flagged

The raw proxy path can bypass the safer listed action catalog and send authenticated API requests directly, with no provided method, endpoint, or approval boundaries.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Float API through Membrane's proxy ... injects the correct authentication headers

Recommendation

Use the proxy only for a user-requested, specific endpoint and method, and require approval before any request that changes Float data.

What this means

The skill can act with the permissions of the connected Membrane/Float account.

Why it was flagged

Delegated login and credential refresh are expected for a Float integration, but they grant ongoing account authority through Membrane.

Skill content

`membrane login --tenant --clientName=<agentType>` ... Membrane handles authentication and credentials refresh automatically

Recommendation

Connect only an account with the minimum needed Float permissions and revoke the Membrane connection when it is no longer needed.

What this means

Installing the CLI places external code on the local machine that runs as the user.

Why it was flagged

The setup uses a global, unpinned npm CLI package that is not included in the reviewed artifact. This is purpose-aligned, but users must trust the external package and whatever version `latest` resolves to in the future.

Skill content

`npm install -g @membranehq/cli@latest`

Recommendation

Install the CLI only from the official npm package, consider pinning a known version, and keep it updated through normal trusted channels.

What this means

Float account data may pass through Membrane while the agent performs integration actions.

Why it was flagged

Float data and credentials are mediated through Membrane as an integration gateway. This is disclosed and purpose-aligned, but it is an important data boundary for the user to understand.

Skill content

This skill uses the Membrane CLI to interact with Float. Membrane handles authentication and credentials refresh automatically

Recommendation

Review Membrane's account, privacy, and access controls before connecting sensitive Float workspaces.