v1.0.5

Rippling Hr

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:30 AM.

Analysis

Review before installing because this skill gives an agent OAuth-backed access to sensitive Rippling HR data and includes HR write/delete capabilities through Membrane.

Guidance: Install only if you intend to let an agent use a Membrane/Rippling connection for sensitive HR work. Prefer a least-privilege account, verify OAuth scopes, pin or verify the Membrane CLI, and require explicit confirmation before any create, update, delete, payroll, or report-related action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Popular actions include “Create Leave Request”, “Create Group”, “Update Group”, and “Delete Group”.

The artifact exposes HR mutation and deletion actions but does not specify user confirmation, scoping, reversibility, or safe defaults before those actions are used.

User impact: A mistaken or overly broad agent action could change company HR records, groups, or leave-related data.
Recommendation: Require explicit user approval for create, update, delete, payroll, and report actions, and test with low-privilege accounts first.
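One way to enforce the recommendation above, as an added example that is not code from the skill, ClawScan, or Membrane: an approval gate that sits between the agent and whatever executes a Membrane action. The action names come from the finding; the classification rules (verb prefix plus payroll/report keywords), the `makeGate` shape, and the `execute` callback are assumptions for illustration. The actual Membrane CLI invocation is not shown because its syntax is not on the page; the caller passes it in as `execute`.

```javascript
// Added example, not part of the Rippling Hr skill or the Membrane CLI.
// Approval is per action AND per argument set, and is consumed on use, so a
// single "yes" cannot be replayed against a different group or a later call.

// First-word verbs that mark an action as state-changing, and keywords that
// mark it as payroll/report related. Everything else is treated as read-only.
// These lists are an assumption for the example, not Membrane's own taxonomy.
const MUTATING_VERBS = ["create", "update", "delete", "remove", "set", "run", "cancel"];
const SENSITIVE_KEYWORDS = ["payroll", "report", "compensation"];

function classifyAction(actionName) {
  const norm = actionName.trim().toLowerCase();
  const verb = norm.split(/\s+/)[0];
  const mutating = MUTATING_VERBS.includes(verb);
  const sensitive = SENSITIVE_KEYWORDS.some((k) => norm.includes(k));
  return mutating || sensitive ? "needs-approval" : "read-only";
}

// The approval key binds the user's decision to this exact action and payload.
function approvalKey(actionName, args) {
  return `${actionName}|${JSON.stringify(args)}`;
}

function makeGate() {
  const approvals = new Set(); // outstanding single-use approvals
  const audit = [];            // one record per decision, for log review
  return {
    audit,
    // Called only after the user has seen the action and its arguments.
    approve(actionName, args) {
      approvals.add(approvalKey(actionName, args));
    },
    // execute(actionName, args) is whatever actually talks to Membrane.
    run(actionName, args, execute) {
      const cls = classifyAction(actionName);
      const key = approvalKey(actionName, args);
      const entry = { at: new Date().toISOString(), actionName, args, cls };
      if (cls === "needs-approval" && !approvals.has(key)) {
        entry.decision = "blocked";
        audit.push(entry);
        return { ok: false, cls, reason: "explicit user approval required" };
      }
      if (cls === "needs-approval") approvals.delete(key); // single use
      entry.decision = "allowed";
      audit.push(entry);
      return { ok: true, cls, result: execute(actionName, args) };
    },
  };
}

// Stand-alone demo with a stub executor (no real HR call is made).
const demoGate = makeGate();
const demoExec = (name, args) => `executed ${name} ${JSON.stringify(args)}`;
console.log(demoGate.run("Delete Group", { groupId: "g-1" }, demoExec)); // blocked
demoGate.approve("Delete Group", { groupId: "g-1" });
console.log(demoGate.run("Delete Group", { groupId: "g-1" }, demoExec)); // allowed once
console.log(demoGate.run("List Employees", {}, demoExec));               // read-only, allowed
```

The gate fails closed: an unknown verb is read-only only if it contains none of the sensitive keywords, so "Get Payroll Run" and "Create Leave Request" both stop for approval, while a plain listing proceeds. The `audit` array is the record the page's recommendation to monitor logs refers to; in a real deployment it would be written somewhere the agent cannot edit.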
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install -g @membranehq/cli@latest

The setup installs a global npm CLI using the moving latest tag. This is purpose-aligned for a Membrane integration, but the installed code can change over time.

User impact: Users may install a different CLI version than the one originally reviewed.
Recommendation: Pin and verify the CLI version where possible, and install only from the expected npm package source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
“Manage Employees, Companies, PayrollRuns, Reports” ... “Membrane handles authentication and credentials refresh automatically”

The skill requires delegated account access to sensitive HR and payroll-related systems, and the artifact does not define least-privilege scopes or limits for that access.

User impact: If installed with a powerful Rippling account, the agent could access sensitive employee and payroll-related information under that account’s authority.
Recommendation: Use a least-privilege Rippling/Membrane account, review OAuth scopes and connection permissions, and monitor audit logs.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
“This skill uses the Membrane CLI to interact with Rippling HR. Membrane handles authentication and credentials refresh automatically.”

The integration uses Membrane as an external intermediary for Rippling authentication and data access. This is disclosed and aligned with the skill purpose, but it affects where credentials and HR data are handled.

User impact: Sensitive HR data and credential refresh flows may be managed through the Membrane account and connection.
Recommendation: Review Membrane’s security settings, data handling terms, and connection permissions before using it with production HR data.