Lexoffice
Warn
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a genuine Lexoffice/Membrane integration, but it grants the agent broad authority over financial accounts without clearly documented limits, confirmation steps, or credential scopes.
Install it only if you trust Membrane and actually need automated Lexoffice access. Before connecting an account, verify which OAuth scopes are requested, prefer read-only or least-privilege permissions, and require explicit user confirmation for invoices, payments, payroll, purchases, deletions, or bulk changes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make or alter accounting, payment, payroll, banking, or purchase-related records if the connected account permits it.
The skill directs the agent toward broad management actions across sensitive financial and business resources, but the visible instructions do not define safe read/write limits or require confirmation for high-impact operations.
Evidence: Manage Organizations, Leads, Pipelines, Users, Goals, Filters ... Invoice ... Expense ... Payment ... Payroll ... Banking Transaction ... Use action names and parameters as needed.
Recommendation: Use least-privilege access, add explicit read-only defaults, and require clear user confirmation before any create, update, delete, payment, payroll, purchase, or bulk action.
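The recommendation above (read-only by default, least privilege, explicit confirmation before high-impact or bulk actions) does not have to wait for the skill author: it can be enforced in the layer that dispatches the agent's tool calls, before anything reaches the Membrane CLI. The following is an added example written for this review; it is not code from the skill, from Membrane, or from Lexoffice. Action names such as createInvoice and parameter keys such as id, ids and all are assumptions, because the skill itself only says to use action names and parameters as needed. Unknown verbs (including the skill's own "Manage") are deliberately treated as writes so the gate fails closed.

```python
import re
from dataclasses import dataclass

# Verbs that only read Lexoffice state. Any other verb is treated as a write,
# so an unrecognised verb such as "manage" is never assumed to be safe.
READ_VERBS = {"get", "list", "search", "find", "read", "show"}
# Verbs that are high-impact whatever the resource they touch.
DESTRUCTIVE_VERBS = {"delete", "remove", "void", "cancel", "pay", "transfer"}
# Resource families the audit singles out as financial records.
SENSITIVE_RESOURCES = {"invoice", "payment", "payroll", "purchase",
                       "expense", "banking", "transaction"}


@dataclass
class Decision:
    allowed: bool             # may the dispatcher run the action now?
    needs_confirmation: bool  # is explicit user confirmation required?
    reason: str


def split_action(name):
    """'createInvoice', 'create_invoice' or 'Create Invoice' -> ('create', 'invoice')."""
    spaced = re.sub(r"([a-z])([A-Z])", r"\1 \2", name)
    words = [w.lower() for w in re.findall(r"[A-Za-z]+", spaced)]
    if not words:
        return "", ""
    return words[0], " ".join(words[1:])


def evaluate(action, params, confirmed=False, read_only=True):
    """Decide whether an agent-requested action may run.

    read_only is the default for a fresh session; the user opts into writes.
    confirmed is True only when the user has approved this specific call.
    """
    verb, resource = split_action(action)
    if verb in READ_VERBS:
        return Decision(True, False, "read-only action")
    if read_only:
        return Decision(False, False, "session is read-only; write actions are disabled")
    # Assumed parameter shapes: a single "id", a list of "ids", or "all": True.
    targets = params.get("ids") or ([params["id"]] if "id" in params else [])
    is_bulk = len(targets) > 1 or bool(params.get("all"))
    touches_financial = any(term in resource for term in SENSITIVE_RESOURCES)
    high_impact = verb in DESTRUCTIVE_VERBS or touches_financial or is_bulk
    if not high_impact:
        return Decision(True, False, "single write to a non-financial record")
    why = "destructive" if verb in DESTRUCTIVE_VERBS else ("bulk" if is_bulk else "financial")
    if confirmed:
        return Decision(True, True, f"{why} action run after explicit confirmation")
    return Decision(False, True, f"{why} action ({verb} {resource}) needs explicit confirmation")


def guarded_call(executor, action, params, confirmed=False, read_only=True):
    """Wrap the real dispatcher (for instance a Membrane CLI invocation) so it
    is only reached when the policy allows the call. Returns (decision, result)."""
    decision = evaluate(action, params, confirmed, read_only)
    if not decision.allowed:
        return decision, None
    return decision, executor(action, params)


if __name__ == "__main__":
    # Stand-in for the CLI; it just echoes what would have been executed.
    fake_executor = lambda action, params: f"executed {action} {params}"
    for call in [("listInvoices", {}, False, True),
                 ("createPayment", {"amount": 120.0}, False, False),
                 ("createPayment", {"amount": 120.0}, True, False),
                 ("updateLead", {"ids": ["L1", "L2"], "stage": "won"}, False, False)]:
        decision, result = guarded_call(fake_executor, *call)
        print(call[0], "->", decision.reason, "|", result)
```

The gate is intentionally coarse: it classifies by verb and resource name only, because that is all an agent-issued call exposes before execution. A real deployment would keep the confirmation token per call (not per session) so that one approval cannot be replayed for a second payment.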
A user may connect a sensitive Lexoffice/Membrane account without seeing what scopes, permissions, or revocation expectations apply.
The registry requirement fields say no primary credential or environment variables are needed, while capability signals indicate OAuth and sensitive credentials are involved. For a financial integration, this leaves the delegated account permissions unclear.
Evidence: Primary credential: none ... Required env vars: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials
Recommendation: Document the credential type, OAuth scopes, account permissions, token storage/handling, and revocation steps before use.
Security depends partly on the separately installed or available Membrane tooling and account configuration.
The skill depends on an external Membrane CLI/account flow, while the supplied artifacts show no install spec and no required binary declaration. This is not malicious by itself, but the executable/provider path is outside the reviewed code.
Evidence: This skill uses the Membrane CLI to interact with Lexoffice.
Recommendation: Install Membrane only from an official source, verify the CLI version, and review what actions it exposes for Lexoffice.
Lexoffice data may be processed through Membrane rather than only locally or directly with Lexoffice.
Lexoffice access appears to be routed through Membrane as an external gateway. That is purpose-aligned, but the visible artifact does not describe data boundaries, retention, or which party can see financial data.
Evidence: compatibility: Requires network access and a valid Membrane account ... This skill uses the Membrane CLI to interact with Lexoffice. Membrane handles authenticat
Recommendation: Review Membrane's security and privacy documentation, and avoid connecting accounts containing data the user is not willing to expose to that provider.
A user may think the skill is limited to lower-risk organization or lead records when it may involve accounting and payroll data.
The short description emphasizes CRM-like objects, while the body describes accounting, payroll, and financial-management capabilities. This mismatch could cause users to underestimate the sensitivity of the integration.
Evidence: description: Lexoffice integration. Manage Organizations, Leads, Pipelines, Users, Goals, Filters ... Lexoffice is a German SaaS application for accounting and financial management ... invoices, bookkeeping, and payroll.
Recommendation: Update the description to clearly disclose financial, payroll, payment, and purchase-related capabilities.
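Two of the findings above (the credential fields contradicting the capability signals, and the description omitting the financial capabilities the body grants) are mechanical enough to check before a skill is installed. The following linter is an added example written for this review, not ClawScan's own scanner or any registry tooling. The manifest is constructed from the excerpts quoted in the findings, and the field names (description, body, primary_credential, required_env_vars, capability_signals, oauth_scopes) are assumptions about how the registry stores them.

```python
import re

# Terms whose presence in the skill body means the integration reaches
# accounting, payment or payroll data.
FINANCIAL_TERMS = {"invoice", "payment", "payroll", "purchase", "expense",
                   "banking", "bookkeeping", "accounting"}
# Capability signals that contradict "primary credential: none".
CREDENTIAL_SIGNALS = {"requires-oauth-token", "requires-sensitive-credentials"}

# Constructed manifest mirroring the excerpts quoted in the findings above.
# Field names are assumptions about the registry format.
AUDITED_MANIFEST = {
    "description": "Lexoffice integration. Manage Organizations, Leads, Pipelines, "
                   "Users, Goals, Filters",
    "body": "Lexoffice is a German SaaS application for accounting and financial "
            "management ... invoices, bookkeeping, and payroll. "
            "Use action names and parameters as needed.",
    "primary_credential": "none",
    "required_env_vars": [],
    "capability_signals": ["requires-oauth-token", "requires-sensitive-credentials"],
    "oauth_scopes": [],
}

# The same manifest with the gaps closed, to show what the linter accepts.
# The credential label and the "read" scope are illustrative, not Membrane's.
REMEDIATED_MANIFEST = dict(
    AUDITED_MANIFEST,
    description="Lexoffice integration for accounting and bookkeeping: invoices, "
                "payments, payroll, plus Organizations, Leads, Pipelines, Users, "
                "Goals, Filters",
    primary_credential="oauth-token (Membrane-managed)",
    oauth_scopes=["read"],
)


def financial_terms_in(text):
    """Return the FINANCIAL_TERMS that appear in text (prefix match, so
    'invoices' counts as 'invoice')."""
    words = re.findall(r"[a-z]+", text.lower())
    return {term for term in FINANCIAL_TERMS if any(w.startswith(term) for w in words)}


def lint(manifest):
    """Return a list of finding strings; an empty list means no gap detected."""
    findings = []
    signals = set(manifest.get("capability_signals", [])) & CREDENTIAL_SIGNALS
    credential = str(manifest.get("primary_credential") or "none").strip().lower()
    env_vars = manifest.get("required_env_vars") or []
    # Finding 2: sensitive credential signalled but nothing declared.
    if signals and credential == "none" and not env_vars:
        findings.append("credential-undeclared: signals %s but no primary credential "
                        "or env vars are declared" % sorted(signals))
    if "requires-oauth-token" in signals and not manifest.get("oauth_scopes"):
        findings.append("scopes-undocumented: OAuth required but no scopes listed")
    # Finding 5: body reaches financial data the description never mentions.
    undisclosed = (financial_terms_in(manifest.get("body", ""))
                   - financial_terms_in(manifest.get("description", "")))
    if undisclosed:
        findings.append("description-mismatch: body reaches %s, description does not "
                        "mention them" % sorted(undisclosed))
    return findings


if __name__ == "__main__":
    for name, manifest in [("audited", AUDITED_MANIFEST), ("remediated", REMEDIATED_MANIFEST)]:
        print(name, lint(manifest) or "clean")
```

Term matching on the body is a heuristic, so treat a clean result as "no obvious mismatch" rather than proof of full disclosure; the credential and scope checks, by contrast, are exact and should block installation when they fire.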
