Outreach
ReviewAudited by ClawScan on May 10, 2026.
Overview
This appears to be a real Outreach integration, but it gives the agent broad ability to create and run CRM actions through Membrane without clear approval or scope limits.
Only install this if you are comfortable connecting an Outreach account through Membrane. Before letting the agent make changes, ask it to show the exact action, parameters, and expected effect, and require confirmation for any record creation, update, import/export, or workflow change.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad agent action could change Outreach sales records, tasks, opportunities, or workflows in the connected account.
The skill instructs the agent to dynamically create and run provider actions. Combined with listed create/update Outreach actions, this gives broad mutation authority without a documented approval gate or scope boundary.
Use action names and parameters as needed. ... membrane action create "DESCRIPTION" --connectionId=CONNECTION_ID --json ... membrane action run <actionId> --connectionId=CONNECTION_ID --input '{"key": "value"}' --jsonRequire explicit user approval before any create, update, delete, import, export, messaging, or workflow-changing action; prefer existing reviewed actions; and preview inputs before execution.
The agent can access and act on Outreach data allowed by the connected account.
The skill requires delegated Membrane and Outreach account access and indicates credentials are refreshed automatically. This is expected for the integration, but it is sensitive authority.
Requires network access and a valid Membrane account ... Membrane handles authentication and credentials refresh automatically ... membrane connect --connectorKey outreach
Use a least-privilege Outreach account or connection, review granted scopes, and revoke the connection when it is no longer needed.
Installing a moving global CLI can change behavior over time or pick up a compromised package version if the upstream package were affected.
The setup uses a globally installed moving `latest` npm package. This is purpose-aligned for a Membrane integration, but the exact CLI version is not pinned in the skill instructions.
npm install -g @membranehq/cli@latest
Install the Membrane CLI from the official source, consider pinning a reviewed version, and keep it updated through trusted channels.