Mocean Api
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mocean-api Version: 1.0.4 The skill bundle contains instructions (SKILL.md) for an AI agent to interface with the Mocean API using the Membrane CLI. It provides a standard workflow for authentication, connection management, and executing API actions through a third-party integration platform. No malicious code, data exfiltration attempts, or harmful prompt injections were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make authenticated Mocean API changes, including actions that may affect account data, send communications, or incur service costs, if prompted or if it misinterprets a task.
This gives the agent a broad authenticated escape-hatch for arbitrary Mocean API requests, including mutating and deleting operations, without artifact guidance requiring user confirmation or scoping.
When the available actions don't cover your use case, you can send requests directly to the Mocean API API through Membrane's proxy... injects the correct authentication headers... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Use only for clearly requested Mocean tasks, prefer discovered scoped actions over raw proxy requests, and require explicit user confirmation before sending SMS/voice messages or performing POST, PUT, PATCH, or DELETE requests.
The skill can operate through a logged-in Membrane/Mocean connection with the permissions granted during authentication.
The skill requires delegated account authentication and automatic credential refresh. This is expected for an API integration, but it is sensitive authority that users should notice.
Membrane handles authentication and credentials refresh automatically... `membrane login --tenant --clientName=<agentType>`
Authenticate only with the intended account, review the scopes/permissions granted, and revoke the connection if it is no longer needed.
Installing the latest global CLI means the code run on the machine may change over time and was not included in this skill artifact review.
The skill instructs a global install of the Membrane CLI using the latest npm version. This is disclosed and purpose-aligned, but it is not pinned to a reviewed version.
npm install -g @membranehq/cli@latest
Install the CLI from the official package source, consider pinning a known version, and keep it updated through normal trusted package-management practices.