Maintainx

Review

Audited by ClawScan on May 10, 2026.

Overview

This MaintainX skill is generally coherent, but it gives broad authenticated API access that can modify or delete business data without clear approval or scope limits.

Review this skill before use because it can operate with your MaintainX account through Membrane and can send direct API requests that may change or delete operational data. If you install it, use a limited-permission account, verify the Membrane CLI package, and require confirmation before any write, delete, billing, settings, or bulk action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could make broad changes to MaintainX records, such as work orders, assets, settings, or other operational data, if it runs the wrong action or endpoint.

Why it was flagged

The skill documents a raw authenticated API proxy that can use write and delete HTTP methods against MaintainX endpoints, without stating approval, scoping, or rollback requirements for destructive or business-impacting actions.

Skill content

membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Use this only with a least-privileged MaintainX account and require explicit user confirmation before any create, update, delete, billing, settings, or bulk operation.

What this means

The connected account’s permissions determine what the agent can read or change in MaintainX.

Why it was flagged

The skill requires the user to authenticate with Membrane and connect MaintainX, granting delegated account access. This is expected for the integration but is still sensitive authority.

Skill content

membrane login --tenant ... membrane connect --connectorId=CONNECTOR_ID --json ... The user completes authentication in the browser.

Recommendation

Connect only the MaintainX account and workspace needed for the task, preferably with limited permissions.

What this means

Users depend on the npm package and its current published version when running the setup commands.

Why it was flagged

The skill relies on installing or invoking an external npm CLI, including a latest-version npx command. This is central to the stated purpose, but it is not pinned in the skill artifacts.

Skill content

npm install -g @membranehq/cli ... npx @membranehq/cli@latest action list

Recommendation

Verify the Membrane CLI package source before installing and consider pinning a known-good version in managed environments.

What this means

A MaintainX connection may remain available for future use after setup.

Why it was flagged

The skill indicates that authentication and refresh are managed over time by Membrane. This is normal integration behavior, but it means access may persist beyond a single command until the connection is revoked.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Review and revoke the Membrane/MaintainX connection when it is no longer needed.