Gpt Trainer
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Gpt-trainer/Membrane integration, but it requires account login and can perform create, update, and delete actions, so users should review destructive operations before approving them.
Install this only if you trust Membrane and intend to let an agent manage Gpt-trainer resources. Review OAuth/login prompts, be cautious with global npm installation, and require explicit confirmation before any delete or update action.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to create, modify, or delete Gpt-trainer resources once authenticated.
The skill exposes account-changing and destructive Gpt-trainer actions. This is consistent with a management integration, but it is high-impact if used on the wrong IDs or without user review.
Popular actions ... Delete Data Source ... Update Data Source ... Delete Session ... Delete Agent ... Delete Chatbot ... Update Chatbot
Confirm resource IDs and get explicit user approval before running delete, update, or other irreversible actions.
Using the skill gives the integration access to the user's connected Membrane/Gpt-trainer account capabilities.
The skill requires logging into Membrane and uses refreshed credentials to access Gpt-trainer. This is expected for the integration, but it grants delegated account access.
Requires network access and a valid Membrane account ... Membrane handles authentication and credentials refresh automatically
Log in only through trusted Membrane flows, review requested permissions, and revoke the connection when it is no longer needed.
The installed CLI version may change over time, and global npm installs run code from the package ecosystem.
The setup uses a user-directed global npm install of the latest Membrane CLI. This is normal for a CLI-based integration, but @latest is not pinned to a specific reviewed version.
npm install -g @membranehq/cli@latest
Install from the official package source and consider pinning a known-good CLI version in controlled environments.
Remote setup guidance could influence what the agent does during connection setup.
The skill allows provider-returned setup instructions to guide the agent. This can be useful, but such instructions should not override the user's request or higher-priority safety rules.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat provider-returned instructions as operational hints only, and follow them only when they are consistent with the user's request.
Requests, results, and account-linked actions may pass through Membrane and Gpt-trainer services.
Gpt-trainer operations are routed through the Membrane CLI and the connected external service. This provider flow is disclosed and purpose-aligned.
This skill uses the Membrane CLI to interact with Gpt-trainer ... membrane connection ensure "https://gpt-trainer.com/" --json
Avoid providing unrelated secrets or sensitive data, and use the integration only for Gpt-trainer tasks you intend to perform.