Nango
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could modify or delete Nango connections, users, groups, or related account data.
This gives the agent a broad authenticated API escape hatch, including destructive methods, without documenting approval requirements, endpoint limits, or safeguards.
When the available actions don't cover your use case, you can send requests directly to the Nango API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user confirmation for mutating requests, prefer scoped Membrane actions, and document allowed endpoints and rollback expectations.
The agent may be able to act with the permissions of the connected Membrane/Nango account.
The skill uses delegated Membrane/Nango account authentication. This is purpose-aligned, but it grants ongoing authenticated access through Membrane.
Membrane handles authentication and credentials refresh automatically... `membrane login --tenant`
Use a least-privileged account or tenant, verify which connection is selected, and revoke unused connections when finished.
Users must trust the external npm package and whichever version is installed or fetched at runtime.
The skill depends on an external CLI package installed globally or run via @latest, while no package code is included in the reviewed artifact set.
`npm install -g @membranehq/cli` ... `npx @membranehq/cli@latest action list --intent=QUERY --connectionId=CONNECTION_ID --json`
Install from the official package source, consider pinning a known version, and avoid running the CLI from untrusted environments.
