Goto Webinar
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: goto-webinar Version: 1.0.2 The skill bundle provides instructions for an AI agent to interact with GoTo Webinar via the Membrane CLI. It contains only metadata and documentation (SKILL.md) describing how to perform standard administrative tasks such as managing webinars, registrants, and sessions. The skill relies on a legitimate third-party platform (getmembrane.com) for authentication and API proxying, and no malicious code, data exfiltration patterns, or harmful prompt-injection instructions were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could change or delete webinar data through the user's connected account if it uses this proxy incorrectly.
The skill exposes an authenticated raw API proxy capable of mutating or deleting GoTo Webinar resources, but does not document confirmation requirements, allowed endpoints, or rollback boundaries.
`membrane request CONNECTION_ID /path/to/endpoint` ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user approval for POST, PUT, PATCH, DELETE, cancellation, and deletion actions; prefer prebuilt actions; and limit requests to the specific webinar or organizer IDs requested by the user.
A mistaken or over-eager action could cancel an event or remove people from a webinar.
The popular actions include destructive business-event operations, but the skill does not instruct the agent to confirm with the user before running them.
`Delete Registrant` ... `Remove a registrant from a webinar` ... `Cancel Webinar` ... `Cancel a webinar`
Add explicit guardrails requiring user confirmation and a preview of the exact webinar, registrant, panelist, or co-organizer before any destructive operation.
Membrane will hold or refresh access to the connected GoTo Webinar account, enabling future actions through that connection.
The skill requires the user to authenticate through Membrane and authorize a GoTo Webinar connection. Delegated account access is expected for this integration, but it is sensitive and not reflected in the registry credential fields.
`membrane login --tenant` ... `membrane connect --connectorId=CONNECTOR_ID --json` ... `Membrane handles authentication and credentials refresh automatically`
Use an account with the minimum needed permissions, review what the connection can access, and revoke the Membrane connection when finished.
The installed CLI becomes part of the local environment and will be trusted to handle account login and API requests.
The skill asks the user to install an unpinned global npm CLI package. This is purpose-aligned setup, but it depends on the npm package provenance and current published version.
`npm install -g @membranehq/cli`
Install only from the official npm package, consider pinning or verifying the CLI version, and avoid running the setup on highly sensitive systems unless needed.