ClawHub
Back to skill
v1.0.6

Salesloft

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:38 PM.

Analysis

This appears to be a real Salesloft integration, but it asks the agent to install an unpinned global CLI and gives broad delegated Salesloft access without clear approval, scope, or credential-boundary limits.

GuidanceInstall only if you trust Membrane and are comfortable granting delegated Salesloft access. Prefer a pinned CLI version, use a least-privileged Salesloft account, require confirmation before any mutating or proxy API request, and know how to revoke the Membrane/Salesloft connection afterward.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill allows external connection responses to provide agent-facing instructions. This is purpose-aligned for setup, but the agent should treat those instructions as lower priority than user and system instructions.

User impactAn external service response could influence how the agent proceeds during connection setup.
RecommendationOnly follow Membrane-provided setup instructions when they are directly related to the user's Salesloft request, and do not let them override user intent or safety limits.
Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
Popular actions ... `Create Person | create-person` ... `When the available actions don't cover your use case, you can send requests directly to the Salesloft API through Membrane's proxy.`

The skill exposes both action execution and a direct API proxy for Salesloft, including mutating record operations, without explicit approval gates, safe-operation limits, or rollback guidance.

User impactThe agent could create or change Salesloft data or workflows more broadly than the user intended.
RecommendationRequire explicit user confirmation before any create, update, delete, enrollment, messaging, or proxy API request, and limit actions to the specific Salesloft records named by the user.
Agentic Supply Chain Vulnerabilities
SeverityHighConfidenceHighStatusConcern
SKILL.md
`npm install -g @membranehq/cli@latest`

The skill instructs installation of an unpinned latest-version npm package globally, despite having no install spec. This creates a package provenance and version-drift risk.

User impactA future or compromised npm package version could run with the user's local privileges.
RecommendationPin the CLI to a specific reviewed version, declare it in the install requirements, and avoid global installation unless necessary.
Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
SKILL.md
`npx @membranehq/cli connection get <id> --wait --json`

The skill directs the agent to execute npm-hosted CLI code at runtime. That is not inherently malicious, but it is unexpected for an instruction-only skill with no declared required binaries or install spec.

User impactRunning npm/npx commands can execute third-party code on the local machine.
RecommendationInstall only from a trusted, pinned package version and run the CLI in a constrained environment where possible.
Cascading Failures
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Manage sales data, records, and workflows ... Cadence Enrollment ... Do Not Contact List ... Create Person

The skill can interact with shared sales records and workflow-related objects. A mistaken or overbroad action could propagate through team sales processes without containment guidance.

User impactIncorrect changes could affect shared Salesloft records, outreach workflows, or team operations.
RecommendationConstrain actions to named records, preview changes before execution, and require confirmation for workflow or bulk changes.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
metadata
Primary credential: none ... Capability signals: `requires-oauth-token`, `requires-sensitive-credentials`

The declared credential contract says no primary credential, but the capability signals indicate OAuth and sensitive credential use, creating an under-disclosed permission boundary.

User impactUsers may not realize they are granting delegated access to Salesloft through Membrane.
RecommendationDocument the required Salesloft/Membrane authentication, requested OAuth scopes, credential storage/refresh behavior, and revocation process before use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

External setup responses can add instructions into the agent's context. This is useful for integration setup but should not be treated as trusted memory or higher-priority policy.

User impactExternal text could shape the agent's next steps if not handled carefully.
RecommendationTreat returned `agentInstructions` as data from the integration provider, not as authority to change the user's objective or disclose extra information.
Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
This skill uses the Membrane CLI to interact with Salesloft. Membrane handles authentication and credentials refresh automatically.

Salesloft access is mediated by a third-party provider/gateway that manages authentication and refresh. This is purpose-aligned but important for users to understand as a data and credential boundary.

User impactSalesloft account access and data may flow through Membrane as part of normal operation.
RecommendationUse only if you trust Membrane with the relevant Salesloft access, and review Membrane's connection, data handling, and revocation controls.