Harvest
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Harvest integration, but it gives the agent broad authenticated ability to change or delete Harvest business data through a raw API proxy without clear guardrails.
Install only if you trust Membrane and want an agent to manage Harvest data. Use a least-privileged Harvest account, confirm any create/update/delete operation before it runs, and be especially careful with the raw `membrane request` proxy because it can reach endpoints beyond the listed safe actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses the raw proxy incorrectly, it could alter or delete Harvest business records such as users, projects, clients, invoices, expenses, or time entries.
The skill exposes an authenticated raw API escape hatch to Harvest, including write and delete methods, and the artifact does not provide confirmation or containment guidance for destructive or account-changing requests.
membrane request CONNECTION_ID /path/to/endpoint ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to GET
Require explicit user confirmation before any POST, PUT, PATCH, or DELETE request; prefer prebuilt Membrane actions; and verify the exact endpoint, payload, and affected records before running raw API calls.
Actions taken through the skill will use the permissions of the connected Harvest account.
The skill depends on delegated Membrane/Harvest authentication and automatic credential refresh, which is expected for this integration but gives the agent access under the connected account.
Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant` ... `membrane connect --connectorId=CONNECTOR_ID --json`
Connect only an account with the minimum Harvest permissions needed, review the Membrane connection, and revoke it when no longer needed.
Installing the CLI gives that package local execution capability under the user's account, and future package versions could change behavior.
The setup requires installing an external global npm CLI package, which is purpose-aligned but unpinned in the provided instructions.
npm install -g @membranehq/cli
Install the CLI only from the trusted npm source, consider pinning or verifying the package version, and keep it updated through trusted channels.
Harvest request and response data may pass through Membrane infrastructure rather than going directly from the agent to Harvest.
Harvest API traffic and authentication handling are mediated by Membrane as an external gateway, which is disclosed and central to the skill but still affects where Harvest data flows.
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers
Use this skill only if you trust Membrane for Harvest data handling and review Membrane's account, privacy, and connection settings.
