Kamonio
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The Kamon.io integration is coherent, but it gives the agent broad authenticated API access that could modify or delete account data unless the user carefully supervises it.
Install only if you trust Membrane as the intermediary for Kamon.io access. Use a least-privilege account, review the npm CLI installation, and require confirmation before the agent performs any mutating API calls or raw proxy requests.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong endpoint or method, it could change or delete Kamon.io account data, settings, or related records.
The skill exposes a raw authenticated proxy that can send arbitrary API paths and mutating HTTP methods, rather than only using scoped pre-built actions.
Evidence: membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE) ... injects the correct authentication headers
Require explicit user confirmation for POST, PUT, PATCH, and DELETE requests; prefer discovered Membrane actions; and restrict proxy use to reviewed endpoints.
The agent can act through the connected account according to whatever permissions that account has.
The skill requires delegated Membrane/Kamon.io authentication and automatic credential refresh. This is expected for the integration, but it grants account access.
Evidence: membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically
Use a least-privilege Kamon.io/Membrane account where possible and review/revoke connections when no longer needed.
A future CLI version or compromised package distribution could affect the behavior of the integration.
The setup uses a global npm install that tracks the @latest tag rather than a fixed version. This is purpose-aligned, but the installed code is not part of the reviewed artifact and may change over time.
Evidence: npm install -g @membranehq/cli@latest
Install the CLI only from the trusted npm package source, consider pinning a known-good version, and keep normal package-manager security practices.
Remote setup instructions could influence what the agent does next if treated as fully authoritative.
The skill may consume dynamic instructions returned during connection setup. This can be legitimate setup guidance, but such instructions should not override the user's goal or safety checks.
Evidence: clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically
Treat returned agent instructions as guidance only, and keep user intent plus safety approval requirements in control.
