Timecamp
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a coherent TimeCamp integration, but it gives the agent broad, authenticated access to TimeCamp actions and to the raw API proxy without visible guardrails for sensitive business-data changes.
Before installing, make sure you are comfortable installing the Membrane CLI, logging into Membrane, and granting it access to TimeCamp. Use a least-privilege TimeCamp account, pin or verify the CLI package if possible, and instruct the agent to ask before any write, delete, bulk, billing, approval, or raw API proxy operation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted sufficient TimeCamp permissions, the agent could change or delete business records such as time entries, projects, invoices, expenses, or approvals if a task is misinterpreted or overly broad.
This gives the agent broad ability to run discovered TimeCamp actions and fall back to raw authenticated API requests. The visible instructions do not bound endpoints, separate read-only from write actions, or require explicit approval before mutations.
membrane action run <actionId> --connectionId=CONNECTION_ID --json ...
When the available actions don't cover your use case, you can send requests directly to the TimeCamp API through Membrane's proxy.
Use a least-privilege TimeCamp connection and require explicit user confirmation before any create, update, delete, bulk, approval, billing, invoice, expense, or raw proxy request.
The connected Membrane/TimeCamp account determines what the agent can access or change.
The integration requires delegated account access and ongoing credential refresh. This is expected for a TimeCamp connector, but it is sensitive authority.
This skill uses the Membrane CLI to interact with TimeCamp. Membrane handles authentication and credential refresh automatically.
Connect only the account and workspace needed for the task, and review/revoke the Membrane connection when no longer needed.
A future CLI release could change behavior compared with what was reviewed here.
The setup uses a globally installed npm package with the mutable @latest tag. This is central to the skill, but the exact CLI code/version is not pinned in the artifact.
npm install -g @membranehq/cli@latest
Install from the official package source, consider pinning a specific trusted version, and keep the CLI updated through normal security processes.
Remote setup instructions could influence the agent's next steps if treated as authoritative.
The agent may receive operational instructions from a service response during connection setup. That can be useful, but such instructions should not override the user's intent or safety checks.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as contextual data, and do not allow them to bypass user approval or perform unrelated actions.
TimeCamp data and authenticated API requests may be visible to or processed by the Membrane service as part of the integration.
Authenticated TimeCamp requests are routed through Membrane as a proxy/gateway. This is disclosed and purpose-aligned, but it means sensitive request data crosses an external provider boundary.
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers
Review Membrane and TimeCamp data-handling policies, and avoid sending unrelated sensitive data through the connection.
