Microsoft Entra Id
Warn
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real Microsoft Entra ID integration, but connecting it can give an agent broad power to change identity and access data without clear in-skill safeguards.
Install only if you trust Membrane and need an agent to administer Microsoft Entra ID. Use the least-privileged account possible, avoid production tenants for testing, require explicit approval before any create/update/delete/role/policy action, verify the npm CLI package, and revoke the Membrane/Microsoft connection when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected with a privileged account, the agent could read or change important identity, application, role, and policy data in the user's Entra tenant.
The skill connects an agent to Microsoft Entra ID with credential refresh and broad identity-administration authority, but the supplied instructions do not bound OAuth scopes, tenant scope, or least-privilege expectations.
Manage Users, Applications, ServicePrincipals, Devices, RoleDefinitions, Policies and more... Membrane handles authentication and credentials refresh automatically
Use a least-privileged account or test tenant, review Microsoft consent scopes and Membrane connection permissions, require explicit human approval for admin changes, and revoke the connection when no longer needed.
A mistaken or overly broad instruction could lead to users or groups being created, changed, deleted, or granted membership incorrectly.
The documented action model includes high-impact mutating and destructive identity operations, but the supplied artifact does not show safeguards such as confirmation prompts, dry-run behavior, or restrictions on when the agent may execute them.
Use action names and parameters as needed... Create User... Update User... Delete User... Create Group... Delete Group... Add Group Member
Treat create, update, delete, membership, role, application, and policy operations as approval-required actions and review the exact target objects before execution.
The behavior depends on whatever version of the Membrane CLI npm serves at install time.
The skill asks users to install a global CLI from npm using the moving @latest tag. This is disclosed and purpose-aligned, but it means the installed code is not pinned in the artifact.
npm install -g @membranehq/cli@latest
Install only from a trusted npm source, consider pinning a known CLI version, and review package provenance before using it with privileged Entra access.
Directory data and authentication flows may pass through or be mediated by Membrane, so the user must trust that provider with sensitive identity-management access.
Membrane acts as a third-party gateway for Entra ID authentication and actions. That is central to the skill, but the supplied artifact does not detail data retention, logging, or exact credential handling boundaries.
Requires network access and a valid Membrane account... This skill uses the Membrane CLI to interact with Microsoft Entra ID. Membrane handles authentication and credentials refresh automatically
Review Membrane's security and privacy documentation, audit created connections, and avoid connecting production tenants unless the data-handling model is acceptable.
Provider-returned instructions could influence how the agent proceeds during connection setup.
The skill tells the agent to consider remote provider-returned instructions during setup. This is disclosed and likely intended, but such instructions should not override the user's goal or safety constraints.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically
Treat returned agent instructions as provider hints only, and follow them only when they are consistent with the user's request and platform safety rules.
