Vimeo
WarnAudited by ClawScan on May 10, 2026.
Overview
The Vimeo skill is a normal OAuth-based integration, but it exposes broad create, update, and delete actions for Vimeo content without clearly requiring user confirmation or limiting scope.
Before installing, be comfortable granting Membrane access to your Vimeo account. Use this skill for read-only lookups freely, but require explicit confirmation before any create, update, privacy, or delete action, especially for public or business-critical videos, channels, projects, and albums.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the connected account has permission, an agent using this skill could change or delete Vimeo content, channels, projects, or albums.
The skill documents high-impact Vimeo mutations, including privacy changes and deletion of account content, but the visible instructions do not require explicit user confirmation, preview, or rollback before running those actions.
| Update Video | update-video | Edit a video's metadata including title, description, and privacy settings. | ... | Delete Video | delete-video | Delete a video from Vimeo. | ... | Delete Channel | delete-channel | Delete a channel. |
Only allow destructive or public-facing Vimeo changes after an explicit user request and confirmation; prefer read-only/list actions unless the user clearly approves the exact change.
Connecting the skill gives Membrane-mediated access to the selected Vimeo account according to the granted OAuth permissions.
The integration relies on delegated Membrane/Vimeo authentication and refreshed credentials. This is expected for a Vimeo integration, but it grants ongoing account access.
Membrane handles authentication and credentials refresh automatically
Connect only the intended Vimeo account, review granted scopes where possible, and revoke the connection from Vimeo or Membrane when it is no longer needed.
The installed CLI package will run locally with the user's permissions and may change over time as the latest npm release changes.
The setup installs an external npm package globally using the latest tag. This is a normal setup step for the Membrane-based skill, but it is not pinned to a reviewed version.
npm install -g @membranehq/cli@latest
Install the CLI from the official package source, consider pinning a known version, and keep it updated through trusted channels.
Vimeo account operations and returned data may be processed through Membrane's service while using the skill.
Vimeo actions and authentication are mediated through Membrane rather than direct local code. This is disclosed and purpose-aligned, but it means Vimeo data and authorization flow through a third-party integration layer.
This skill uses the Membrane CLI to interact with Vimeo.
Review Membrane's service terms and access controls, and avoid connecting accounts that contain content the user does not want available to that integration.