v1.0.4

Sms Magic

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

This looks like a legitimate SMS Magic integration, but it gives the agent broad authenticated ability to act on SMS/customer data through Membrane, including raw API requests.

Guidance: Before installing, confirm you are comfortable letting an agent access and potentially modify SMS Magic customer messaging data. Use a limited account, require explicit approval for sends/deletes/campaign changes, and prefer reviewed Membrane actions over raw API proxy calls.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
Manage SMSes, Contacts, Conversations, Templates, Campaigns, Lists ... membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)

The skill grants broad authenticated action and raw API access over customer messaging resources, including write and delete methods, without visible limits or confirmation requirements.

User impact: An agent using this skill could send, modify, or delete SMS Magic business data or campaign-related resources if given or inferred instructions to do so.
Recommendation: Use least-privileged SMS Magic/Membrane access, require explicit user confirmation before sending messages or making destructive changes, and prefer specific reviewed actions over raw proxy requests.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
npm install -g @membranehq/cli@latest

The setup uses a globally installed npm package pinned to the moving 'latest' tag; this is purpose-aligned but less reproducible than a fixed version.

User impact: The installed CLI version can change over time, so different users or future installs may run different Membrane CLI code.
Recommendation: Install from the expected npm package, consider pinning a known CLI version, and follow normal package-source verification practices.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>

The skill relies on delegated Membrane/SMS Magic authentication and automatic credential refresh, which is expected for the integration but sensitive.

User impact: Installing and using the skill may authorize the agent, through Membrane, to access SMS Magic account data and perform permitted account actions.
Recommendation: Review the permissions granted during authentication, use a limited service account if possible, and revoke the connection when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
send requests directly to the SMS Magic API through Membrane's proxy ... injects the correct authentication headers

Membrane is explicitly placed in the data and authentication path for SMS Magic API calls; this is expected, but it means customer messaging data and API requests pass through a gateway provider.

User impact: SMS Magic data, request bodies, and authenticated API operations may be routed through Membrane infrastructure.
Recommendation: Only send necessary data through the integration, review Membrane's security/privacy posture, and avoid using the proxy for unrelated sensitive data.