Google Gemini

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent Gemini/Membrane integration, but it exposes a broad authenticated API-proxy path that should be reviewed before use.

Install only if you trust Membrane and intend to connect a Gemini account. Prefer scoped listed actions, review any raw proxy request before it is run, avoid write/delete methods unless explicitly needed, and revoke the connection when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses this proxy incorrectly, it could make raw Gemini API calls under the connected account rather than staying within safer, described actions.

Why it was flagged

This creates a broad authenticated escape hatch outside the listed action schemas, including mutating and deleting HTTP methods, with no clear approval or endpoint restrictions in the instructions.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Google Gemini API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Prefer listed Membrane actions where possible. Require explicit user approval before raw proxy calls, especially for POST, PUT, PATCH, or DELETE, and verify the exact endpoint and payload.

What this means

Using the skill may give Membrane-mediated tooling ongoing access to the connected Gemini account until the connection is revoked.

Why it was flagged

The skill relies on delegated Membrane and Google Gemini authentication with automatic refresh. This is purpose-aligned, but it grants persistent account access.

Skill content

Membrane handles authentication and credentials refresh automatically — so you can focus on the integration logic rather than auth plumbing.

Recommendation

Connect only the intended account, review requested permissions during authentication, and revoke the Membrane connection when it is no longer needed.

What this means

The installed CLI version may change over time and is not represented by the static scan, so behavior depends on the npm package obtained at install time.

Why it was flagged

The skill asks the user to install a global CLI package at the latest available version. This is disclosed and central to the Membrane workflow, but it is unpinned and outside the reviewed artifact set.

Skill content

`npm install -g @membranehq/cli@latest`

Recommendation

Install from the official package source, consider pinning a known version, and review the CLI’s permissions before authenticating.

What this means

Remote instructions from the connection setup could influence the agent’s next steps if treated as authoritative.

Why it was flagged

The skill describes remote connection responses that may include instructions for the agent. This can be useful integration guidance, but such instructions should not override the user's request or higher-priority policies.

Skill content

`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as untrusted operational hints and follow them only when they match the user’s intent and the skill’s documented scope.