Search Api

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is not clearly malicious, but its purpose is inconsistent and it gives broad authenticated API/proxy commands that could go beyond simple search.

Review this skill carefully before installing. Confirm that it is really the Search API connector you intend to use, connect only the account you want the agent to access, avoid raw proxy/full-URL requests unless you understand them, and require confirmation before any command that can modify or delete data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent may connect the wrong service or trust the skill to perform account-management actions that do not match the documented Search API purpose.

Why it was flagged

The claimed business-object management capability does not fit the linked Google Custom Search API documentation, making the skill's actual purpose and expected authority unclear.

Skill content

description: | Search API integration. Manage Deals, Persons, Organizations, Leads, Projects, Pipelines and more... Official docs: https://developers.google.com/custom-search/v1/reference/rest

Recommendation

Verify the intended provider and connector before use, and do not grant account access until the skill description and API documentation are consistent.

What this means

If followed too broadly, the agent could make authenticated requests that modify or delete data, or operate outside the intended search workflow.

Why it was flagged

The skill documents a broad raw API escape hatch, including mutating methods and full-URL requests, without clear limits or user-approval requirements.

Skill content

npx @membranehq/cli@latest request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE) ... You can also pass a full URL instead of a relative path — Membrane will use it as-is.

Recommendation

Prefer the listed Membrane actions, require explicit user confirmation before any POST/PUT/PATCH/DELETE request, and avoid full-URL proxy calls unless the destination and effect are reviewed.

What this means

Anyone or any process able to use that local Membrane credential file may be able to act through the user's Membrane account.

Why it was flagged

The skill uses persistent local Membrane credentials. This is disclosed and expected for the integration, but it creates reusable delegated account access.

Skill content

After login, credentials are stored in `~/.membrane/credentials.json` and reused for all future commands.

Recommendation

Use the skill only on trusted machines, protect the credential file, and revoke or remove Membrane credentials when no longer needed.

What this means

Future CLI changes or a supply-chain issue could affect what runs locally when the command is executed.

Why it was flagged

The skill relies on an unpinned latest-version CLI fetched through npx. This is central to the stated Membrane workflow, but it means the executed code can change over time.

Skill content

This skill uses the Membrane CLI (`npx @membranehq/cli@latest`) ... npx @membranehq/cli@latest login --tenant

Recommendation

Consider pinning a known-good CLI version and verifying the package source before running it in sensitive environments.