v1.0.4

Mux

Suspicious

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:17 PM.

Analysis

The skill is broadly aligned with managing Mux, but it asks the agent to install and run an unpinned external CLI and exposes broad authenticated Mux API actions without clear approval or containment rules.

Guidance

Install only if you trust Membrane and are comfortable granting it access to your Mux account. Prefer a pinned CLI version, avoid global installs when possible, and require explicit confirmation before any command that changes or deletes Mux resources.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill tells the agent that remote connection responses may contain instructions for the AI agent. This is purpose-aligned for setup, but those instructions should not override the user's request or safety boundaries.

User impact: A remote service response could influence what the agent does next during setup.
Recommendation: Treat remote `agentInstructions` as guidance only; confirm any sensitive or destructive next step with the user.
Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
SKILL.md
When the available actions don't cover your use case, you can send requests directly to the Mux API through Membrane's proxy... `--method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

The skill exposes broad authenticated API access, including destructive or mutating methods, without clear user-approval, scope, dry-run, or rollback requirements.

User impact: The agent could modify or delete Mux resources if it runs the wrong action or proxy request.
Recommendation: Require explicit user confirmation before POST, PUT, PATCH, DELETE, or any action that changes assets, live streams, webhooks, signing keys, incidents, or account configuration.
Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
npm install -g @membranehq/cli@latest

The skill instructs installation of an unpinned latest-version npm package globally, creating supply-chain and version-drift risk.

User impact: The code installed today may differ from what was reviewed, and a compromised or changed package could affect the local environment.
Recommendation: Pin the CLI to a reviewed version and avoid global installation where possible.
Unexpected Code Execution
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Use `npx @membranehq/cli@latest action list --intent=QUERY --connectionId=CONNECTION_ID --json`

The runtime instructions execute an external latest-version package through npx, even though the registry describes the skill as instruction-only with no install spec.

User impact: Running the skill can execute downloaded CLI code on the user's machine.
Recommendation: Only run the CLI from a trusted, pinned version and review commands before execution.
Cascading Failures
Severity: Medium, Confidence: Medium, Status: Concern
SKILL.md
Mux Overview... Live Streams... Signing Keys... Webhooks

The skill covers production-sensitive Mux resources, and the direct proxy instructions allow mutating API calls without documented containment such as staging-only mode, dry-run, or explicit confirmation.

User impact: A mistaken action could affect live video infrastructure, signing keys, webhooks, or other connected Mux workflows.
Recommendation: Add explicit safeguards for production resources, especially confirmation prompts and clear separation between read-only and mutating operations.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically

Delegated authentication and credential refresh are expected for a Mux integration, but they mean the user is granting ongoing account authority through Membrane.

User impact: Using the skill requires trusting Membrane with access sufficient to interact with the user's Mux data.
Recommendation: Use the least-privileged Mux/Membrane connection available and revoke the connection when it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The agent may incorporate retrieved instructions from the connection workflow into its context. This is useful for setup but should be treated as untrusted contextual guidance.

User impact: Remote setup text could affect the agent's next steps if over-trusted.
Recommendation: Do not let retrieved setup instructions override the user's explicit request, credential-handling rules, or approval requirements.
Insecure Inter-Agent Communication
Severity: Low, Confidence: High, Status: Note
SKILL.md
send requests directly to the Mux API through Membrane's proxy... injects the correct authentication headers

Mux API traffic and authentication are mediated by Membrane's proxy. This is disclosed and purpose-aligned, but it introduces a third-party gateway in the data path.

User impact: Mux API requests and responses may pass through Membrane, not just between the user and Mux.
Recommendation: Use Membrane only if its data handling and access controls meet the user's requirements.