v1.0.2

Mailchimp

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:25 AM.

Analysis

This looks like a real Mailchimp integration, but it deserves review because it can use a persistent authenticated Membrane connection to create and update Mailchimp data and to make broad direct API requests against the Mailchimp API.

Guidance: Install only if you trust Membrane and are comfortable connecting your Mailchimp account. Give the agent specific resource IDs and intended actions, prefer listed read/query actions, and require explicit confirmation before creating, updating, deleting, or using the raw proxy against Mailchimp API endpoints.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
When the available actions don't cover your use case, you can send requests directly to the Mailchimp API through Membrane's proxy ... HTTP method (GET, POST, PUT, PATCH, DELETE).

This gives the agent a broad authenticated API escape hatch, including mutating and deleting HTTP methods, without artifact guidance requiring explicit user confirmation or tight endpoint scoping.

User impact: A mistaken or overbroad request could change or remove Mailchimp audiences, contacts, campaigns, templates, or other marketing assets.
Recommendation: Use prebuilt actions when possible, restrict raw proxy requests to explicitly requested endpoints, and require clear user confirmation before any create, update, PATCH, PUT, POST, or DELETE operation.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install -g @membranehq/cli

The skill asks for a global npm CLI installation without a pinned version. This is central to the skill's stated Membrane workflow, but it is still an external supply-chain dependency.

User impact: Installing a global CLI changes the local environment and trusts the npm package source.
Recommendation: Install the CLI from the official package source, consider pinning or reviewing the version, and avoid running it with elevated privileges unless required.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant ... The user completes authentication in the browser.

The skill depends on delegated Membrane/Mailchimp authentication and persistent credential refresh, which is expected for the integration but gives the tool continuing access to the connected account.

User impact: Anyone using the skill through the connected account may be able to access or modify Mailchimp data allowed by that connection.
Recommendation: Connect only the intended Mailchimp account, use least-privilege access where available, and disconnect or revoke the Membrane connection when it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Note
SKILL.md
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers

Mailchimp API requests are routed through the Membrane proxy/gateway with injected credentials. This is disclosed and purpose-aligned, but users should understand that Mailchimp request and response data may pass through Membrane.

User impact: Marketing data, campaign information, and contact records may be handled through a third-party integration gateway.
Recommendation: Review Membrane's data handling terms and avoid sending unnecessary sensitive contact or campaign data through raw proxy calls.