Follow Up Boss

Review

Audited by ClawScan on May 10, 2026.

Overview

This Follow Up Boss integration is purpose-aligned, but it should be reviewed because it can use delegated credentials to run CRM create, update, and delete actions without visible approval guardrails.

Install only if you trust Membrane and intend to let the agent access your Follow Up Boss CRM. Treat read actions as lower risk, but require explicit confirmation before creating, updating, or deleting contacts, deals, tasks, or appointments, and revoke the connection when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could change or delete business CRM records if it chooses or is instructed to run those actions.

Why it was flagged

The skill exposes a generic action-run mechanism for the connected CRM and lists destructive CRM actions, but the provided visible instructions do not require explicit user confirmation or define safeguards for delete/update operations.

Skill content

membrane action run <actionId> --connectionId=C ... Delete Person | delete-person | Delete a person/contact from Follow Up Boss ... Delete Deal | delete-deal | Delete a deal ... Delete Task | delete-task | Delete a task

Recommendation

Require explicit user confirmation for create, update, and delete actions, especially for contacts, deals, appointments, and tasks; prefer read-only queries unless the user clearly requests a change.

What this means

The skill can act through the connected Membrane/Follow Up Boss account, including accessing and changing CRM data within that account's permissions.

Why it was flagged

The skill requires delegated authentication through Membrane and indicates credentials can be refreshed automatically, which is expected for the integration but gives the connected account continuing authority.

Skill content

Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>

Recommendation

Connect only the intended Follow Up Boss account, use the least-privileged account available, and revoke the Membrane connection when it is no longer needed.

What this means

The behavior of the installed CLI depends on the npm package version available at install time.

Why it was flagged

The skill asks the user to install a global CLI package at the moving @latest version. This is central to the skill's purpose, but the executable code is not included in the reviewed artifact and can change over time.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install the CLI from the official source, consider pinning a specific trusted version, and review Membrane's package and account permissions before use.

What this means

CRM data and actions may pass through Membrane's service or connector infrastructure rather than only directly between the agent and Follow Up Boss.

Why it was flagged

The skill uses Membrane as an intermediary connection/connector layer for Follow Up Boss. This is disclosed and purpose-aligned, but the artifact does not detail data-handling boundaries for the external connector.

Skill content

Use `membrane connection ensure` to find or create a connection by app URL or domain ... If no app is found, one is created and a connector is built automatically.

Recommendation

Review Membrane's privacy, connector, and permission model before connecting production CRM data.