Lob

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals; the notes that follow come from that review. ClawScan does not execute the skill or run runtime probes, so none of the behaviour described below has been confirmed at runtime.

What this means

A user may install or authorize the skill believing it handles CRM-style data, while it can actually operate on Lob resources (physical mail, checks, bank accounts) that carry real-world and financial consequences.

Why it was flagged

The skill description names CRM-style objects that do not match the Lob capabilities described later, which include direct mail, address verification, bank accounts, and checks.

Skill content
description: ... Manage Persons, Organizations, Deals, Leads, Projects, Activities ... Lob provides APIs for automating direct mail and address verification.

Recommendation

Correct the description to accurately list Lob capabilities and clearly call out sensitive operations such as bank accounts, checks, and sending physical mail.

What this means

The agent could use authenticated Lob API calls to create, modify, or delete Lob resources, potentially including mail, checks, or bank-account-related records.

Why it was flagged

The skill exposes a raw authenticated API proxy that accepts mutating and deleting methods. The provided instructions do not bound this escape hatch by endpoint, operation type, or explicit user confirmation, so any prompt that reaches the agent can drive any Lob endpoint with the user's credentials.

Skill content
send requests directly to the Lob API through Membrane's proxy... injects the correct authentication headers ... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Prefer discovered Membrane actions, and require explicit user confirmation before any create, update, delete, send-mail, check, or bank-account operation.
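One way to enforce that recommendation in front of a raw proxy, as an added example that is not code from the ClawScan report, the Lob skill, or Membrane: every request is classified by HTTP method and Lob path before it is forwarded, read-only calls pass, mutations need an explicit user confirmation, and the reason shown to the user names the sensitive resource when mail, checks, or bank accounts are involved. The `/v1/...` prefixes, the `forward` and `confirm` hooks, and the stub forwarder are assumptions for illustration; check the prefixes against Lob's API reference before relying on them.

```javascript
// Added example: a policy gate in front of a raw authenticated proxy. This is
// not code from the ClawScan report, the Lob skill, or Membrane. The Lob
// resource prefixes below are assumptions for illustration; verify them
// against Lob's API reference before using them in a real gate.

const SAFE_METHODS = new Set(["GET", "HEAD"]);
const MUTATING_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Resource classes the review calls out as sensitive (prefixes assumed).
const SENSITIVE_PREFIXES = [
  { prefix: "/v1/checks", reason: "creates or cancels a check" },
  { prefix: "/v1/bank_accounts", reason: "changes bank-account records" },
  { prefix: "/v1/letters", reason: "sends physical mail" },
  { prefix: "/v1/postcards", reason: "sends physical mail" },
];

// Canonicalise the path so prefix matching cannot be dodged with doubled
// slashes, percent-encoded ".." segments, or a query string. The decoded,
// collapsed form is what gets forwarded, so the gate and the upstream see the
// same path; the query string is kept untouched.
function normalizePath(rawPath) {
  const qIdx = rawPath.indexOf("?");
  const pathOnly = qIdx === -1 ? rawPath : rawPath.slice(0, qIdx);
  const query = qIdx === -1 ? "" : rawPath.slice(qIdx);
  let decoded;
  try {
    decoded = decodeURIComponent(pathOnly);
  } catch (e) {
    throw new Error(`rejected undecodable path: ${rawPath}`);
  }
  const collapsed = decoded.replace(/\/{2,}/g, "/");
  if (!collapsed.startsWith("/") || collapsed.split("/").includes("..")) {
    throw new Error(`rejected malformed path: ${rawPath}`);
  }
  return { path: collapsed, query };
}

// Decide allow / confirm / deny for one request. Reads pass, mutations need an
// explicit confirmation, anything else is refused rather than proxied.
function classifyRequest(method, rawPath) {
  const m = String(method).toUpperCase();
  const { path, query } = normalizePath(rawPath);
  const hit = SENSITIVE_PREFIXES.find(
    (s) => path === s.prefix || path.startsWith(`${s.prefix}/`)
  );
  const normalized = path + query;
  if (SAFE_METHODS.has(m)) {
    return { decision: "allow", reason: "read-only request", normalized };
  }
  if (MUTATING_METHODS.has(m)) {
    const why = hit ? hit.reason : "mutates Lob state";
    return { decision: "confirm", reason: `${m} ${path} ${why}`, normalized };
  }
  return { decision: "deny", reason: `unsupported method ${m}`, normalized };
}

// Wrap the proxy. `forward` is whatever really sends the request (for the
// skill, the Membrane proxy call) and `confirm` asks the user and returns a
// boolean. Both are injected, so the gate itself does no network I/O.
function gatedProxy({ method, path, body }, { forward, confirm }) {
  const verdict = classifyRequest(method, path);
  if (verdict.decision === "deny") {
    return { forwarded: false, verdict };
  }
  if (verdict.decision === "confirm" && !confirm(verdict.reason)) {
    return { forwarded: false, verdict: { ...verdict, decision: "refused" } };
  }
  const request = { method: String(method).toUpperCase(), path: verdict.normalized, body };
  return { forwarded: true, verdict, response: forward(request) };
}

// Stand-alone run with a stub forwarder and a confirm() that always declines.
const stubForward = (req) => ({ ok: true, echoed: req });
const declineAll = () => false;
console.log(gatedProxy({ method: "GET", path: "/v1/addresses?limit=5" },
  { forward: stubForward, confirm: declineAll }));
console.log(gatedProxy({ method: "POST", path: "/v1/checks", body: {} },
  { forward: stubForward, confirm: declineAll }));
```

The gate is deliberately conservative: an unknown method is refused rather than passed through, and a path it cannot canonicalise is rejected instead of being guessed at. It only helps if `confirm` reaches a human; a confirmation the agent can answer for itself restores the original escape hatch.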

What this means

Connecting the skill grants Membrane-mediated access to the user's Lob account until the connection is revoked or expires.

Why it was flagged

The integration depends on delegated account access and automatic credential refresh, which is expected for a Lob integration but sensitive.

Skill content
Membrane handles authentication and credentials refresh automatically ... The user completes authentication in the browser.

Recommendation

Use the least-privileged Lob account available, review what Membrane can access, and revoke the connection when it is no longer needed.

What this means

Because the version is not pinned, the CLI's behavior can change after this review; users are trusting whatever the npm package contains at the moment they install it.

Why it was flagged

The skill instructs installing and running the latest Membrane CLI from npm rather than a pinned reviewed version.

Skill content
npm install -g @membranehq/cli@latest ... npx @membranehq/cli@latest action list

Recommendation

Pin a specific, reviewed CLI version when possible and install from the documented Membrane source.
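A small check for the install commands a skill asks you to run, as an added example that is not from the ClawScan report or the Membrane project: it flags any npm package spec that is not pinned to an exact version, since `@latest`, a missing version, and ranges such as `^1.2.3` all resolve to whatever the registry serves at install time. The version numbers used in the sample commands are placeholders, not real Membrane CLI releases.

```javascript
// Added example, not from the ClawScan report or the Membrane project: flag
// npm package specs that are not pinned to an exact version. The version
// numbers in the sample commands below are placeholders, not real releases.

// Exact semver: MAJOR.MINOR.PATCH with optional pre-release and build metadata.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Split "name@version". Scoped names start with "@", so the version separator
// is the last "@" after position 0; a spec with no such "@" has no version.
function parseNpmSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// True only for an exact version; "latest", "next", ranges and bare names are
// all unpinned because the registry decides what they mean.
function isPinnedSpec(spec) {
  const { name, version } = parseNpmSpec(spec);
  if (!name || version === null) return false;
  return EXACT_SEMVER.test(version);
}

// Scan a shell line for `npm install ...` and `npx ...` and return every spec
// that is not pinned. Limitation: an option that takes a value (for example
// `--prefix /dir`) is not understood, so its value would be reported as a spec.
const SEPARATORS = new Set(["&&", "||", ";", "|", "..."]);
const INSTALL_VERBS = new Set(["install", "i", "add"]);

function findUnpinnedSpecs(commandLine) {
  const tokens = commandLine.trim().split(/\s+/);
  const unpinned = [];
  let i = 0;
  while (i < tokens.length) {
    if (tokens[i] === "npm" && INSTALL_VERBS.has(tokens[i + 1])) {
      i += 2;
      for (; i < tokens.length && !SEPARATORS.has(tokens[i]); i++) {
        if (!tokens[i].startsWith("-") && !isPinnedSpec(tokens[i])) unpinned.push(tokens[i]);
      }
      continue;
    }
    if (tokens[i] === "npx") {
      i += 1;
      while (i < tokens.length && tokens[i].startsWith("-")) i++; // npx's own flags, e.g. --yes
      if (i < tokens.length && !isPinnedSpec(tokens[i])) unpinned.push(tokens[i]);
      while (i < tokens.length && !SEPARATORS.has(tokens[i])) i++; // rest are the tool's args
      continue;
    }
    i++;
  }
  return unpinned;
}

// The install line quoted from the skill as written (unpinned), then the same
// commands with a placeholder pinned version.
console.log(findUnpinnedSpecs("npm install -g @membranehq/cli@latest ... npx @membranehq/cli@latest action list"));
console.log(findUnpinnedSpecs("npm install -g @membranehq/cli@1.2.3 && npx @membranehq/cli@1.2.3 action list"));
```

A pin fixes which release is named, not what it contains: the pinned version still has to be reviewed, and the package should come from the documented Membrane source rather than an arbitrary registry or mirror.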

What this means

Lob data handled through this skill may pass through Membrane as part of normal operation.

Why it was flagged

The skill routes Lob API calls through the Membrane proxy, so request data, responses, and credential use are mediated by an external service.

Skill content
send requests directly to the Lob API through Membrane's proxy ... Membrane automatically appends the base URL ... and injects the correct authentication headers

Recommendation

Only connect Lob accounts and send data that you are comfortable routing through Membrane, and review Membrane's access and retention policies.