Nano Nets
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Membrane/Nano Nets integration, but it gives the agent broad authenticated API power, including direct write/delete requests, without clear approval guardrails.
Install only if you trust Membrane and need this integration. Use a least-privilege Nano Nets account or scoped connection, prefer read-only or prebuilt actions when possible, and require explicit confirmation before any create, update, delete, user-management, file, or organization-level operation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong endpoint, method, or payload, it could change or delete Nano Nets account data such as users, files, projects, or organization records.
The skill documents a raw authenticated API proxy that supports mutating and deleting requests. The artifact does not add approval requirements, endpoint limits, or safeguards for destructive operations.
`membrane request CONNECTION_ID /path/to/endpoint` ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to GET
Use the safest scoped actions first, require explicit user confirmation before POST/PUT/PATCH/DELETE requests, and review the exact endpoint, method, and payload before allowing proxy requests.
Actions taken through the skill may occur with the user's account privileges and may continue working while the Membrane connection remains authorized.
The skill relies on delegated authenticated access and automatic credential refresh. This is expected for an integration, but it gives the agent authority tied to the user's Membrane/Nano Nets account.
Membrane handles authentication and credentials refresh automatically ... injects the correct authentication headers
Use a least-privilege account or scoped connection where possible, monitor connected apps, and revoke the Membrane/Nano Nets connection when it is no longer needed.
The behavior of the CLI could change between installs, and the user must trust the npm package source.
The setup uses an unpinned global npm install. That is central to the skill's purpose, but the installed code may change as @latest moves.
`npm install -g @membranehq/cli@latest`
Install the CLI only from the official package source, consider pinning a reviewed version, and avoid privileged installs unless necessary.
Remote instructions could influence the agent's next steps if treated as authoritative.
The workflow may expose agent-directed instructions returned by a remote service. This is likely part of the integration flow, but such text should not override the user's goal or safety rules.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as advisory context only, and keep user intent, platform policy, and explicit approvals as the controlling authority.
API request data and authentication handling may pass through Membrane rather than going directly from the user's environment to Nano Nets.
The skill routes Nano Nets API traffic through the Membrane proxy/gateway. This is disclosed and purpose-aligned, but it is a third-party data and credential boundary users should understand.
send requests directly to the Nano Nets API through Membrane's proxy. Membrane automatically appends the base URL ... and injects the correct authentication headers
Use the skill only if you trust Membrane for this integration and avoid sending unnecessary sensitive data in proxy requests.
