v1.0.4

Segmetrics

Suspicious
ClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:40 PM.

Analysis

This SegMetrics skill appears purpose-aligned, but it gives the agent broad authenticated API/proxy powers and uses an unpinned external CLI without clear approval or scope boundaries.

Guidance

Install only if you trust Membrane and are comfortable granting it access to your SegMetrics account. Prefer a least-privilege account, pin the Membrane CLI version if possible, and require the agent to ask before making any changes or deletions.

Findings (9)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill tells the agent to consume instructions returned from a connection flow. That is purpose-aligned for setup, but remote instructions should not override the user's actual request or safety boundaries.

User impact: A remote setup response could steer the agent's next steps if treated as authoritative.
Recommendation: Treat returned agent instructions as advisory data and keep the user's request and explicit approvals as the controlling authority.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
When the available actions don't cover your use case, you can send requests directly to the SegMetrics API through Membrane's proxy.

The skill exposes a direct authenticated API proxy in addition to discovered actions. The documented options include mutating methods such as POST, PUT, PATCH, and DELETE, but the instructions do not require user confirmation or restrict destructive operations.

User impact: The agent could change or delete SegMetrics records if it sends the wrong request or acts on an ambiguous user request.
Recommendation: Require explicit user approval before POST, PUT, PATCH, or DELETE requests, and prefer read-only action discovery unless the user clearly asks for a change.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
npm install -g @membranehq/cli@latest

The skill instructs installation of a globally available CLI using the floating @latest tag. This means the executed code can change over time and is not pinned to the reviewed artifact version.

User impact: A future or compromised CLI release could change what runs on the user's machine.
Recommendation: Pin the CLI to a reviewed version and avoid global installation where possible.

Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
npx @membranehq/cli connection get <id> --wait --json

The instruction-only skill expects users or the agent to execute external CLI commands. This is consistent with the Membrane-based integration, but it is still local code execution outside the SKILL.md artifact.

User impact: Installing or running the CLI gives external package code the ability to execute in the user's local environment.
Recommendation: Run the CLI only from a trusted package source and preferably in a constrained environment.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to GET

The proxy supports destructive and mutating methods against the connected SegMetrics account. A mistaken request could affect cloud-hosted marketing or customer records, and the artifacts do not describe containment or rollback.

User impact: A single bad command could modify or delete data in the connected SegMetrics account.
Recommendation: Use dry-run/read-only checks first, confirm target records with the user, and require approval before bulk, mutating, or destructive operations.

Human-Agent Trust Exploitation
Severity: Info | Confidence: Medium | Status: Note
SKILL.md
Membrane provides pre-built actions with built-in auth, pagination, and error handling. This will burn less tokens and make communication more secure

The skill makes a broad security-benefit claim about using Membrane. It is not clearly deceptive, but users should not treat that wording as a substitute for reviewing permissions and data flow.

User impact: Users may over-trust the integration path because the instructions frame it as more secure.
Recommendation: Review the actual account permissions and data flow even when the skill recommends Membrane as the safer path.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Membrane handles authentication and credentials refresh automatically

The skill relies on delegated account credentials and automatic refresh. That is useful for an integration, but the artifacts do not clearly define the SegMetrics scopes, authorization lifetime, or approval boundary for using those credentials.

User impact: Once connected, the agent may be able to act with the user's SegMetrics privileges through Membrane without clear per-action boundaries.
Recommendation: Connect only accounts with the minimum needed permissions, review the Membrane connection's granted access, and revoke it when no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill may place externally returned setup instructions into the agent's working context. That is useful for connection flows, but such context can be over-trusted if not separated from user instructions.

User impact: External connection metadata could influence how the agent handles account setup or data requests.
Recommendation: Keep remote instructions separate from user instructions and do not reuse them as persistent policy or memory.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers

The skill routes SegMetrics API traffic and authentication through Membrane's proxy. This is disclosed and purpose-aligned, but it creates a third-party gateway trust boundary for sensitive account data.

User impact: SegMetrics requests and responses may pass through Membrane while using the user's authenticated connection.
Recommendation: Use this skill only if the user is comfortable with Membrane handling the integration path and review Membrane's access to the connected account.