ClawHub
Back to skill
v1.0.4

Lightspeed Vt

SuspiciousClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:08 PM.

Analysis

This appears to be a real LightSpeed VT integration, but it gives broad authenticated control over organization data and relies on an unpinned external CLI without clear approval or scope limits.

GuidanceBefore using this skill, confirm you trust Membrane and the npm CLI source, pin or review the CLI version if possible, connect only the intended LightSpeed VT account, and require explicit confirmation before any user, SSO, training, or organization-changing action.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

Connection responses can provide instructions directly to the agent; the skill does not say to treat those instructions as untrusted or to verify them against the user's request.

User impactA setup or connector response could influence what the agent does next if followed without scrutiny.
RecommendationTreat returned agent instructions as data, not authority; follow them only when they match the user's request and ask before privileged actions.
Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
`Use action names and parameters as needed.` Popular actions include `Get User SSO URL`, `Assign Training`, `Update User`, and `Create User`.

The skill grants broad discretion to use sensitive and state-changing LightSpeed VT actions, but does not define approval requirements, scope limits, rollback guidance, or safeguards.

User impactThe agent could create or update users, assign training, or generate access URLs in a connected organization without a clearly required confirmation step.
RecommendationRequire explicit user approval for any create, update, assignment, deletion, SSO, or bulk operation, and restrict actions to the specific user-requested scope.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
`npm install -g @membranehq/cli@latest`

The skill depends on a globally installed npm package using the moving `latest` tag, with no pinned version in an install spec.

User impactThe exact CLI code installed may change over time, and a compromised or incompatible package version could affect credentialed LightSpeed VT operations.
RecommendationPin the CLI to a reviewed version, avoid global installation when possible, and document the dependency in the install specification.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
`npx @membranehq/cli connection get <id> --wait --json`

The instruction-only skill relies on running an external CLI via npm/npx. This is purpose-aligned, but it is still local code execution that users should notice.

User impactUsing the skill may execute npm-delivered CLI code on the user's machine or agent environment.
RecommendationUse a pinned and trusted CLI installation, and run commands only in an environment appropriate for authenticated third-party integrations.
Cascading Failures
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Popular actions include `Assign Training`, `Create Location`, `Update User`, and `Create User`.

These organization-level mutations can affect users, training assignments, and business records, but the skill does not define containment, dry-run, approval, or rollback practices.

User impactA mistaken request or incorrect parameter could propagate into real LightSpeed VT organization data.
RecommendationConfirm target records and intended changes before execution, avoid bulk changes unless explicitly requested, and document how to undo changes.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Membrane handles authentication and credentials refresh automatically

The integration can maintain refreshed credentials through Membrane. This is disclosed and purpose-aligned, but it creates persistence beyond a single command.

User impactAccess may remain available through the Membrane connection after the immediate task is finished.
RecommendationReview and revoke the Membrane/LightSpeed VT connection when it is no longer needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
metadata
Primary credential: none ... Capability signals: `requires-oauth-token`, `requires-sensitive-credentials`

The published credential contract says there is no primary credential while capability signals show OAuth and sensitive credential use, creating ambiguity about delegated account access.

User impactUsers may not realize that installing or using the skill can involve granting sensitive account access through Membrane and LightSpeed VT.
RecommendationClearly declare the required credential type, requested scopes, account authority, token storage/refresh behavior, and revocation steps before use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
`Use membrane connection ensure` to find or create a connection ... `If no app is found, one is created and a connector is built automatically.`

Membrane acts as an external gateway for authentication, connector creation, and action discovery; the skill does not detail connector identity, permissions, or data boundaries.

User impactLightSpeed VT data and credentials may be mediated through a third-party connection layer whose permissions should be understood.
RecommendationVerify the Membrane account, app URL, connector identity, and requested permissions before sharing sensitive LightSpeed VT data.