v1.0.1

Teamioo

Review

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:52 PM.

Analysis

This Teamioo skill is coherent for an integration, but it relies on an unpinned external CLI, persistent account credentials, and broad raw API access to workforce data.

Guidance: Before installing, confirm you trust Membrane and the unpinned CLI source, use a least-privilege Teamioo account, avoid full-URL proxy requests unless verified, and require explicit approval before any action that creates, updates, or deletes workforce data.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
`npx @membranehq/cli@latest request CONNECTION_ID /path/to/endpoint` ... `HTTP method (GET, POST, PUT, PATCH, DELETE)` ... `You can also pass a full URL instead of a relative path — Membrane will use it as-is.`

The skill exposes broad raw API/proxy capability, including mutating methods and full URLs, without clear approval, scope, or containment limits.

User impact: The agent could make broad changes or requests through Teamioo/Membrane, including modifying or deleting workforce-management data, if it is given or infers the wrong command.
Recommendation: Require explicit user confirmation for POST, PUT, PATCH, DELETE, and full-URL requests; restrict requests to documented Teamioo endpoints and least-privilege connections.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`This skill uses the Membrane CLI (`npx @membranehq/cli@latest`) to interact with Teamioo.`

The skill depends on an unpinned `@latest` npm package fetched at runtime, creating a supply-chain and version-drift risk.

User impact: A future or compromised version of the CLI package could change behavior without the skill artifact changing.
Recommendation: Pin a reviewed CLI version or provide an install specification with provenance and integrity controls.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
`npx @membranehq/cli@latest login --tenant`

The instruction-only skill tells the agent to run an external CLI via `npx`; this is purpose-aligned but still executes local code.

User impact: Using the skill can run downloaded CLI code on the local machine and interact with local credential storage.
Recommendation: Use the CLI only from a trusted environment, and prefer a pinned or preinstalled version where possible.
Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`schedule employees, track attendance, and manage time off` ... `HTTP method (GET, POST, PUT, PATCH, DELETE)`

The skill can act on operational HR/workforce systems using mutating methods, but does not define containment, dry-run, confirmation, or rollback practices.

User impact: A wrong action could affect employee schedules, attendance, absences, or other organizational records.
Recommendation: Use read-only discovery first, require confirmation for changes, and keep an audit trail or rollback plan for Teamioo updates.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`credentials are stored in ~/.membrane/credentials.json` ... `Membrane manages the full Auth lifecycle server-side with no local secrets.`

The instructions make a reassuring 'no local secrets' claim that conflicts with the earlier statement that credentials are stored locally.

User impact: Users may underestimate the local credential exposure and install or authorize the skill without taking appropriate precautions.
Recommendation: Clarify exactly what is stored locally, how it is protected, and how users can revoke or delete credentials.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
`Requires network access and a valid Membrane account` ... `After login, credentials are stored in ~/.membrane/credentials.json and reused for all future commands.`

The skill requires delegated account access and persistent local credentials, despite the registry declaring no primary credential requirement.

User impact: Installing or using the skill may authorize persistent access to a Membrane-connected Teamioo account, potentially covering sensitive HR and scheduling data.
Recommendation: Only connect a least-privilege Teamioo account, review Membrane permissions, and understand where credentials are stored before use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
SKILL.md
`send requests directly to the Teamioo API through Membrane's proxy` ... `injects the correct authentication headers` ... `You can also pass a full URL instead of a relative path — Membrane will use it as-is.`

The Membrane proxy/gateway handles authentication and will accept full URLs, but the artifact does not clearly bound origin or data-routing rules for those requests.

User impact: A mistaken or unsafe full URL could route sensitive request data or authentication context through an unintended destination.
Recommendation: Avoid full URLs unless verified, restrict proxy calls to official Teamioo API paths, and confirm how Membrane handles authentication headers for non-Teamioo URLs.