Superphone
Analysis
This SuperPhone integration is coherent, but it gives the agent broad authenticated API powers, uses an unpinned external CLI, and relies on persistent credential handling.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill tells the agent that remote connection state may contain instructions directed at the AI, which could steer setup behavior if treated as authoritative.
`membrane request CONNECTION_ID /path/to/endpoint` ... `--method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
The skill grants a generic authenticated proxy to the SuperPhone API, including destructive HTTP methods, without documented approval checks, endpoint limits, or rollback controls.
`npm install -g @membranehq/cli@latest` ... `npx @membranehq/cli@latest` ... `one is created and a connector is built automatically.`
The skill depends on unpinned latest-version npm tooling and dynamically created connector behavior that is not included in the reviewed artifact.
Install the Membrane CLI so you can run `membrane` from the terminal: `npm install -g @membranehq/cli@latest`.
The skill has no code files, but its runtime instructions still ask the user or agent to execute package-install and CLI commands.
Manage Persons, Organizations, Leads, Deals, Activities, Notes and more ... HTTP method (GET, POST, PUT, PATCH, DELETE).
The skill operates on live business records and supports mutating or deleting API requests, so an incorrect action can have downstream effects across SuperPhone data.
Membrane provides pre-built actions with built-in auth, pagination, and error handling. This will ... make communication more secure.
The instructions make a security assurance about using Membrane, but they do not describe the specific security controls, data handling, or limits behind that claim.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Membrane handles authentication and credentials refresh automatically ... The user completes authentication in the browser. The output contains the new connection id.
The skill requires authenticated Membrane/SuperPhone access and automatic credential refresh, but it does not define least-privilege scope, duration, or revocation steps.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
send requests directly to the SuperPhone API through Membrane's proxy. Membrane ... injects the correct authentication headers.
The skill routes SuperPhone API requests and authentication through Membrane as an intermediary, which is purpose-aligned but creates a sensitive data boundary users should understand.