Mailjet

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could make broad changes to the connected Mailjet account, including deleting data or performing unsupported API operations, if it misinterprets the user's request.

Why it was flagged

The skill documents a raw authenticated proxy to the Mailjet API, including mutating and destructive HTTP methods, without clear limits or confirmation requirements.

Skill content

membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE) ... injects the correct authentication headers

Recommendation

Only use raw proxy requests for specific user-approved tasks, and require explicit confirmation before DELETE, bulk update, or email-sending operations.

What this means

Connecting the skill gives Membrane-mediated access to the user's Mailjet account for future actions.

Why it was flagged

The integration relies on delegated Membrane/Mailjet account access and ongoing credential refresh. This is expected, but it is sensitive authority.

Skill content

Membrane handles authentication and credentials refresh automatically ... The user completes authentication in the browser.

Recommendation

Connect only the intended Mailjet account and review/revoke the Membrane connection if it is no longer needed.

What this means

Installing a global CLI adds external code to the user's environment.

Why it was flagged

The skill asks for a global npm CLI installation. This is disclosed and central to the integration, but the package version is not pinned in the instructions.

Skill content

npm install -g @membranehq/cli

Recommendation

Verify the package source and consider installing a pinned version in a controlled environment.