Snowplow Analytics

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a legitimate Membrane-based Snowplow integration, but it gives the agent broad authenticated API/proxy access, including write/delete methods, without clear scoping or confirmation guidance.

Install only if you trust Membrane as an intermediary for your Snowplow account. Use a least-privileged connection, verify the CLI package before installing it globally, and require explicit approval before the agent runs any write or delete API request.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked too broadly, the agent could make authenticated changes to Snowplow resources, pipelines, users, roles, or other account data through the proxy.

Why it was flagged

The skill documents a raw authenticated API escape hatch with write/delete-capable methods, but does not define approval steps, endpoint limits, or rollback guidance for high-impact Snowplow account changes.

Skill content

“Proxy requests… send requests directly to the Snowplow Analytics API through Membrane's proxy… injects the correct authentication headers” and “HTTP method (GET, POST, PUT, PATCH, DELETE).”

Recommendation

Only allow proxy requests for specific user-approved endpoints and require explicit confirmation before any POST, PUT, PATCH, or DELETE request.

What this means

The agent may act with the privileges of the Membrane/Snowplow connection the user authorizes.

Why it was flagged

The integration requires delegated authentication through Membrane. This is expected for a Snowplow integration, but it gives the agent access through the connected account.

Skill content

“membrane login --tenant --clientName=<agentType>” and “Membrane handles authentication and credentials refresh automatically.”

Recommendation

Use the least-privileged Snowplow account or connection available and review the permissions granted during authentication.

What this means

The behavior depends on the npm package that is installed at setup time, not just the reviewed SKILL.md text.

Why it was flagged

The skill asks users to install a global npm CLI at the latest version. This is central to the stated Membrane workflow, but it is unpinned and outside the instruction-only artifact itself.

Skill content

“npm install -g @membranehq/cli@latest”

Recommendation

Install the CLI from the official package source, consider pinning a known-good version, and avoid running the global install in highly sensitive environments without review.

What this means

Requests and response data may pass through Membrane while interacting with Snowplow.

Why it was flagged

Snowplow API traffic and authentication are mediated by the Membrane service. This is disclosed and purpose-aligned, but users should understand that an external gateway is in the data path.

Skill content

“send requests directly to the Snowplow Analytics API through Membrane's proxy… Membrane automatically appends the base URL… and injects the correct authentication headers.”

Recommendation

Confirm that Membrane is an approved intermediary for the Snowplow data involved, especially for production or sensitive analytics data.