v1.0.2

Foxy

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:25 AM.

Analysis

Foxy is a Membrane/Foxy CLI integration, but it gives broad authenticated API access that can change customers, coupons, subscriptions, and transactions, and its stated purpose is inconsistent enough to warrant review before installation.

Guidance: Review this skill carefully before installing. Use it only with the intended Foxy account, confirm any create/update/cancel/delete action before it runs, prefer listed Membrane actions over raw proxy requests, and revoke the connection when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
description: |
  Foxy integration. Manage Organizations, Users, Goals, Filters...
| Cancel Subscription | cancel-subscription | Cancel a subscription by setting its end date |
| Update Customer | update-customer | Update an existing customer |

The stated purpose does not match the listed high-impact e-commerce actions, which may cause users to underestimate what the skill can do.

User impact: A user may install it expecting one type of Foxy data management, while the instructions enable changes to subscriptions, customers, coupons, stores, and transactions.
Recommendation: Clarify the skill description and overview so they accurately describe the Foxy/FoxyCart capabilities and highlight business-impacting actions.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
membrane request CONNECTION_ID /path/to/endpoint... HTTP method (GET, POST, PUT, PATCH, DELETE)... injects the correct authentication headers

The skill documents a raw authenticated API proxy with mutating and deleting HTTP methods, which can bypass safer pre-built actions and operate broadly on the connected Foxy account.

User impact: If invoked incorrectly, the agent could make unintended authenticated API changes such as updating or deleting business/customer/subscription data.
Recommendation: Prefer scoped Membrane actions, require explicit user confirmation for mutating or deleting requests, and document safe path/method limits for proxy use.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install -g @membranehq/cli

The skill asks the user to install a global npm CLI package without a pinned version in an install spec.

User impact: Installing a global CLI changes the local environment and relies on the npm package's integrity.
Recommendation: Verify the package source, consider pinning a known version, and install it only from the expected publisher.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
membrane login --tenant... membrane connect --connectorId=CONNECTOR_ID --json... Membrane handles authentication and credentials refresh automatically

The integration depends on delegated Membrane/Foxy authentication and credential refresh, which is expected but grants ongoing account authority.

User impact: The connected account may allow the agent to access and modify Foxy data according to that account's permissions.
Recommendation: Connect only the intended Foxy account, review granted scopes/permissions, and revoke the Membrane connection when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
send requests directly to the Foxy API through Membrane's proxy... | List Transactions | list-transactions | ... | List Customers | list-customers |

Customer and transaction data may be accessed through an external Membrane proxy/provider flow, which is disclosed and purpose-aligned but sensitive.

User impact: Foxy customer, transaction, and subscription data may pass through Membrane-mediated API calls.
Recommendation: Ensure Membrane and Foxy data-handling policies are acceptable for the data being accessed, and avoid sending unnecessary customer or transaction details.