Momo

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Membrane/MoMo integration, but it gives the agent an authenticated raw API proxy that can make broad changes to MoMo data, so it deserves review before installation.

Install only if you trust Membrane and are comfortable granting it access to your MoMo account. Complete login yourself, prefer discovered pre-built actions, and require explicit confirmation before any create, update, delete, or raw proxy request.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses the wrong endpoint, payload, or method, it could create, modify, or delete MoMo data under the user's authenticated account.

Why it was flagged

This creates an authenticated raw-request escape hatch, including mutating and deleting methods, without artifact-level limits on paths, operations, confirmation, or reversibility.

Skill content

When the available actions don't cover your use case, you can send requests directly to the MoMo API through Membrane's proxy... injects the correct authentication headers ... HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Prefer pre-built Membrane actions, require explicit user confirmation for create/update/delete or raw proxy calls, and restrict raw requests to user-specified endpoints and payloads.

What this means

The agent can act through a logged-in Membrane connection to MoMo according to whatever permissions that account grants.

Why it was flagged

The skill relies on delegated Membrane/MoMo authentication and automatic credential refresh. This is expected for the integration, but it is sensitive account access.

Skill content

membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically

Recommendation

Complete OAuth/login yourself, use the least-privileged account or tenant available, and revoke the Membrane/MoMo connection when it is no longer needed.

What this means

The behavior depends on the currently published Membrane CLI package rather than code reviewed in this skill bundle.

Why it was flagged

The skill depends on an external CLI installed or executed at the latest version, outside the provided artifact set and static scan.

Skill content

npm install -g @membranehq/cli@latest ... npx @membranehq/cli connection get <id> --wait --json

Recommendation

Install the CLI only from the trusted package source, consider pinning a reviewed version, and avoid running unexpected npm/npx commands from untrusted contexts.

What this means

Remote instructions from the connection workflow could influence how the agent proceeds during setup or recovery.

Why it was flagged

The skill allows provider-returned connection data to supply programmatic instructions to the agent. This may be useful setup guidance, but it should not override the user's task or safety constraints.

Skill content

`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as advisory; keep them bounded by the user's explicit request and ask the user before taking sensitive actions.