Google Search Console
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Google Search Console integration, but it uses Membrane OAuth access and can perform account-changing Search Console actions, so users should review permissions carefully.
Before installing, verify the Membrane CLI package, understand that Membrane will mediate Google Search Console authentication, and require confirmation before any action that adds, deletes, submits, or otherwise changes Search Console resources.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI gives locally installed third-party code the ability to run on the user's machine.
The skill asks users to install a global npm package using the moving @latest tag. This is disclosed and central to the integration, but it relies on external package provenance.
npm install -g @membranehq/cli@latest
Install only from the official npm package, consider pinning a reviewed version, and keep normal npm supply-chain hygiene.
The connected Membrane account may be able to access Search Console properties and perform actions allowed by the granted Google permissions.
The skill delegates Google Search Console authentication and token refresh to Membrane, which is expected for this integration but grants ongoing account access.
Membrane handles authentication and credentials refresh automatically
Review the OAuth consent screen, grant the least privilege available, and revoke the connection when no longer needed.
If used without confirmation, the agent could change or remove Search Console resources the user relies on.
The action catalog includes account-changing and deletion operations. These are relevant to managing Search Console, but they can affect business/SEO configuration.
| Delete Site | delete-site | Removes a site from the user's set of Search Console sites. | ... | Delete Sitemap | delete-sitemap | Deletes a sitemap from the Sitemaps report. |
Require explicit user confirmation before running add, delete, submit, or other account-changing actions.
Provider-returned instructions could influence agent behavior during setup if treated as authoritative beyond the connection task.
The integration may receive provider-supplied instructions for the agent during connection setup. This is part of the disclosed Membrane workflow, but those instructions should be constrained to the user's current goal.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as data from the integration provider and follow them only when they match the user's request and expected connection flow.