v1.0.2

Zoho Invoice

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:34 AM.

Analysis

This is a coherent Zoho Invoice/Membrane skill, but it gives broad authenticated control over financial records, including raw update/delete API calls, without clear confirmation or scope limits.

Guidance: Install only if you are comfortable connecting Zoho Invoice to Membrane and letting the agent operate on financial records. Before any create, update, send, payment, or delete action, require an explicit confirmation showing the exact record, endpoint, method, and payload, and revoke the connection when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
you can send requests directly to the Zoho Invoice API through Membrane's proxy ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE)

This documents an authenticated raw API escape hatch, including mutating and deleting methods, for financial/business records without documented confirmation or scope boundaries.

User impact: An agent using this skill could make broad changes to Zoho Invoice records, such as invoices, customers, payments, expenses, or settings, if it chooses or is directed to use unsafe endpoints.
Recommendation: Use prebuilt Membrane actions where possible, require the agent to show the exact action or endpoint and request body, and require explicit user approval before any non-GET, payment, send, update, or delete operation.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
`npm install -g @membranehq/cli` ... `npx @membranehq/cli@latest action list`

The skill relies on installing/running an npm CLI, including an unpinned latest invocation. This is central to the stated purpose, but users should notice the external package dependency.

User impact: Future CLI package changes could affect behavior, and a compromised or unexpected package source would run locally.
Recommendation: Install from the official npm package, verify the package name and publisher, and pin a known-good CLI version where possible.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant` ... `membrane connect --connectorId=CONNECTOR_ID --json`

The skill requires delegated Membrane/Zoho account access with credential refresh. This is expected for the integration, but it is high-impact because Zoho Invoice contains financial and customer records.

User impact: A connected account may remain usable for future authenticated Zoho Invoice actions until the connection is revoked or restricted.
Recommendation: Connect only the intended Zoho organization/account, review granted scopes if available, use the least-privileged account practical, and revoke the Membrane connection when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
SKILL.md
send requests directly to the Zoho Invoice API through Membrane's proxy ... injects the correct authentication headers

Zoho Invoice requests and related business data pass through Membrane as a gateway/proxy. This is disclosed and purpose-aligned, but it is a sensitive data-flow boundary.

User impact: Invoice, customer, payment, or expense data may be transmitted through Membrane while completing requested actions.
Recommendation: Review Membrane's privacy/security posture and avoid sending unnecessary sensitive fields through the proxy.