Revai
Analysis
Revai appears to be a real Rev.ai/Membrane integration, but it asks users to install an unpinned global CLI and grants broad authenticated access that can delete Rev.ai data.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill allows remote connection state to provide instructions to the agent, which is purpose-aligned for setup but should not be treated as overriding the user's goal or safety constraints.
When the available actions don't cover your use case, you can send requests directly to the Rev.ai API through Membrane's proxy. Membrane automatically ... injects the correct authentication headers
The skill exposes a broad authenticated API proxy rather than limiting the agent to known safe actions, and the visible instructions do not require approval for high-impact requests.
npm install -g @membranehq/cli@latest
The skill asks the user to install a mutable latest-version npm package globally, which creates supply-chain and provenance risk not captured by the no-install-spec declaration.
npx @membranehq/cli connection get <id> --wait --json
The skill's workflow executes external CLI code from the npm ecosystem. This is aligned with the Membrane-based purpose, but users should recognize that an instruction-only skill still causes local command execution.
Delete Job | delete-job | Permanently delete a transcription job and all associated data including input media and transcript.
A mistaken action or wrong job ID can permanently delete multiple related data objects, and the instructions do not specify containment or confirmation requirements.
Primary credential: none ... Capability signals: requires-oauth-token, requires-sensitive-credentials
The credential contract says no primary credential, while the capability signals and SKILL.md workflow require sensitive OAuth-style authentication, which can lead users to underestimate the trust required.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Membrane handles authentication and credential refresh automatically
The skill depends on delegated account credentials and automatic refresh, but the registry requirements declare no primary credential and the instructions do not clearly scope the resulting Rev.ai authority.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
send requests directly to the Rev.ai API through Membrane's proxy ... injects the correct authentication headers
Rev.ai requests and authentication are mediated through Membrane's proxy, which is disclosed and purpose-aligned, but it is an important third-party data and credential boundary.
