Microsoft Power BI
Analysis
This Power BI skill appears purpose-aligned, but it asks the agent to install an unpinned global CLI and use OAuth-backed Membrane access capable of changing or deleting shared Power BI assets without clear approval guardrails.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill tells the agent to use instructions returned by a remote connection flow, but it does not define limits to prevent those instructions from overriding the user's original Power BI task.
`Update Workspace | update-workspace | Updates a specified workspace.` ... `Delete Workspace | delete-workspace | Deletes the specified workspace.` ... `Delete Dataset | delete-dataset | Deletes the specified dataset.`
The skill exposes high-impact Power BI mutation and deletion actions, but the visible instructions do not include explicit per-action approval, dry-run, scope, or rollback requirements.
`npm install -g @membranehq/cli@latest` ... `If no app is found, one is created and a connector is built automatically.`
The skill depends on an unpinned global npm package and an automatically built connector that is not included in the provided artifacts, creating a provenance and change-control gap.
`npm install -g @membranehq/cli@latest` and `npx @membranehq/cli connection get <id> --wait --json`
Although this is presented as an instruction-only skill, the runtime instructions execute npm/npx-managed code, including a global package install with an unpinned latest version.
`Power BI ... visualizing and sharing data insights` ... `List Workspace Users` ... `Delete Workspace | delete-workspace | Deletes the specified workspace.`
Power BI workspaces and reports are shared organizational assets, and the skill includes destructive workspace actions without visible containment or staged confirmation requirements.
`Membrane handles authentication and credentials refresh automatically — so you can focus on the integration logic rather than auth plumbing.`
This convenience framing is purpose-aligned, but users should notice that automatic credential refresh means ongoing delegated access, not just a one-time login.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
`membrane login --tenant --clientName=<agentType>` ... `The user completes authentication in the browser. The output contains the new connection id.`
The skill requires delegated OAuth-style authentication through Membrane for tenant-connected Power BI access, but it does not clearly state least-privilege scopes, tenant boundaries, revocation steps, or approval requirements for privileged operations.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
`Membrane handles authentication and credentials refresh automatically` ... `clientAction.uiUrl` ... `Show this to the user when present.`
The skill routes authentication and follow-up actions through a third-party Membrane flow that can provide URLs and instructions, but it does not define origin validation, data-handling boundaries, or credential-storage expectations.
