Moosend

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent using this skill could change or delete Moosend marketing assets or subscriber data if it chooses a mutating action incorrectly.

Why it was flagged

The skill documents broad API action use, including bulk subscriber changes and destructive mailing-list operations, but the artifacts do not require explicit user confirmation or define limits for high-impact mutations.

Skill content
Use action names and parameters as needed. ... | Create Mailing List | ... | Add Multiple Subscribers | ... | Update Mailing List | ... | Delete Mailing List |
Recommendation

Only use this skill for clearly requested Moosend tasks, and require explicit confirmation before create, update, bulk subscriber, send, automation, or delete operations.

What this means

Connecting the skill gives the workflow access to Moosend data and actions through Membrane until the connection is revoked or expires.

Why it was flagged

The integration requires delegated Membrane and Moosend account access. This is expected for the stated purpose, but it is still sensitive account authority.

Skill content
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType> ... membrane connection ensure "https://moosend.com" --json
Recommendation

Connect only the intended Moosend account, review the permissions granted during authentication, and revoke the Membrane connection when no longer needed.

What this means

The behavior depends on the current Membrane CLI release installed from npm, not on code included in this skill package.

Why it was flagged

The setup depends on installing a global npm CLI at the latest version. This is central to the skill's purpose, but it means the reviewed artifact does not pin the exact CLI code that will run.

Skill content
npm install -g @membranehq/cli@latest
Recommendation

Install the CLI from the official npm package, consider pinning a reviewed version in controlled environments, and keep it updated through normal package-management practices.

What this means

Subscriber, campaign, template, and automation data may be processed through Membrane during use.

Why it was flagged

The skill routes Moosend operations through Membrane rather than directly through code in the skill. This is disclosed and purpose-aligned, but it introduces a third-party gateway handling credentials and returned marketing data.

Skill content
This skill uses the Membrane CLI to interact with Moosend. Membrane handles authentication and credentials refresh automatically
Recommendation

Use this only if you trust Membrane for this Moosend account, and avoid requesting unnecessary subscriber or campaign data.