46Elks

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate 46elks/Membrane integration, but it gives the agent broad authenticated power to send, delete, and proxy telecom API actions without clear approval boundaries.

Review this skill carefully before installing. If you use it, connect only the intended 46elks account, require explicit approval for sends, calls, deletions, number allocation/configuration, and any non-GET proxy request, and know how to revoke Membrane/46elks access afterward.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could perform costly or externally visible 46elks actions if invoked with insufficient user review.

Why it was flagged

These are high-impact telecom/account actions that can contact third parties, incur costs, change phone number configuration, or delete records. The artifact does not show explicit user-confirmation or scoping requirements before running them.

Skill content

Popular actions include "Allocate Number", "Configure Number", "Delete Call", "Make Call", "Delete SMS", "Send SMS".

Recommendation

Require explicit user confirmation for sending messages, making calls, deleting records, allocating numbers, or changing phone number settings.

What this means

A mistaken or overly broad request could modify or delete 46elks account data beyond what the user intended.

Why it was flagged

The raw proxy is an authenticated escape hatch that can issue arbitrary mutating or deleting API requests, rather than limiting the agent to reviewed, purpose-specific actions.

Skill content

When the available actions don't cover your use case, you can send requests directly to the 46elks API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Limit proxy use to user-specified endpoints and require confirmation for non-GET requests, especially DELETE, POST, PUT, or PATCH.

What this means

Installing or using the skill may grant the agent durable authenticated access to a 46elks account, despite the registry metadata not clearly declaring the credential requirement.

Why it was flagged

The skill relies on delegated authenticated access to 46elks through Membrane, including automatic credential refresh and auth-header injection, but the registry metadata declares no primary credential or required environment variables.

Skill content

Membrane handles authentication and credentials refresh automatically... Membrane automatically... injects the correct authentication headers.

Recommendation

Clarify the required credential/account access in metadata and document the exact scopes, revocation steps, and approval expectations.

What this means

The behavior of the installed CLI can change as the npm package updates, and the user must trust that external package.

Why it was flagged

The CLI install is central to the skill's purpose, but it installs the latest global npm package rather than a pinned reviewed version.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Prefer a pinned CLI version or verify the Membrane CLI source and package before installing globally.

What this means

Sensitive telecom data such as messages, calls, numbers, and account details may pass through Membrane and 46elks during normal use.

Why it was flagged

The skill discloses that Membrane acts as an intermediary for 46elks API access. This is purpose-aligned, but users should understand that 46elks requests and responses flow through that service.

Skill content

This skill uses the Membrane CLI to interact with 46elks... send requests directly to the 46elks API through Membrane's proxy.

Recommendation

Use only with accounts and data you are comfortable routing through Membrane, and review Membrane's access and retention settings.