Honeybadger

Warn

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate Honeybadger integration, but it can modify or delete Honeybadger resources and the provided artifacts do not show clear confirmation safeguards.

Install only if you trust Membrane and want an agent to operate on Honeybadger. Use a least-privilege Honeybadger account, review every action before execution, require explicit confirmation for create/update/delete operations, and be especially careful with project deletion.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could delete or alter monitoring projects, uptime sites, teams, or related operational data in the connected Honeybadger account.

Why it was flagged

The skill documents destructive Honeybadger account actions. The provided artifact also describes running Membrane actions, but does not show explicit confirmation, scoping, or reversibility requirements before high-impact create/update/delete operations.

Skill content

| Delete Project | delete-project | Delete a project from Honeybadger |

Recommendation

Require explicit user confirmation for every create, update, or delete action, especially project deletion; show the target project/resource ID and expected impact before running the action.

What this means

The agent may be able to act with the same Honeybadger permissions as the connected user or token.

Why it was flagged

The skill relies on delegated Membrane/Honeybadger authentication and automatic credential refresh. This is expected for a Honeybadger integration, but it grants the skill actions available to the authenticated account.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Connect a least-privilege Honeybadger account or token, review OAuth/API scopes where available, and revoke the connection when no longer needed.

What this means

The installed CLI becomes part of the trusted execution path for Honeybadger actions.

Why it was flagged

The setup uses a globally installed, unpinned npm package. This is central to the stated Membrane-based design, but users should notice the dependency and version-provenance risk.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install from a trusted npm source, consider pinning a known version, and keep the CLI updated through normal dependency review.

What this means

Honeybadger metadata and action results may pass through the Membrane integration flow.

Why it was flagged

Honeybadger interaction is mediated through Membrane rather than only directly through Honeybadger. This is disclosed and purpose-aligned, but it is an extra identity/data boundary users should understand.

Skill content

This skill uses the Membrane CLI to interact with Honeybadger. Membrane handles authentication and credentials refresh automatically

Recommendation

Review Membrane’s access, privacy, and retention practices before connecting sensitive Honeybadger projects.

What this means

Provider-supplied setup instructions could influence the agent’s next steps if not treated carefully.

Why it was flagged

The skill allows remote connection-state output to provide instructions to the agent. This can be useful for setup, but those instructions should remain bounded by the user’s request and system policy.

Skill content

clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically

Recommendation

Treat returned agent instructions as lower-priority, task-specific guidance and ask the user before following any instruction that changes scope or performs sensitive actions.