Action Network

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a coherent Action Network integration, but it enables broad credentialed actions through Membrane, including sensitive reads and record changes, without clear guardrails for mutating operations.

Install only if you are comfortable using Membrane as the intermediary for your Action Network account. Use least-privileged credentials, review the exact connection and action before running it, and require explicit confirmation before the agent creates, updates, publishes, emails, or otherwise changes records.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent interprets a request too broadly, it could create or update supporter records, events, petitions, or other Action Network data.

Why it was flagged

The skill documents a generic action runner for discovered Action Network actions, including account-mutating actions, without explicit confirmation or scope limits for writes.

Skill content

Use action names and parameters as needed... Create Person... Update Person... Create Petition... Create Event... membrane action run <actionId> --connectionId=CONNECTION_ID --json

Recommendation

Require explicit user confirmation before create/update/send/publish-style actions, verify the exact connection, action, and input JSON, and prefer least-privileged Action Network access.

What this means

Installing and using the skill may give Membrane-backed tooling ongoing access to the connected Action Network account.

Why it was flagged

The integration requires delegated Membrane authentication and credential refresh for Action Network access. This is expected for the integration, but it is sensitive authority.

Skill content

membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically

Recommendation

Use a dedicated or least-privileged account where possible, review the scopes granted during authentication, and know how to revoke the Membrane/Action Network connection.

What this means

The behavior of the CLI may differ depending on the latest package version available when installed.

Why it was flagged

The setup relies on a globally installed, unpinned npm CLI package. This is disclosed and purpose-aligned, but the executed code can change over time.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install from a trusted source, consider pinning a reviewed version, and use an isolated environment if handling sensitive Action Network data.

What this means

A connection workflow could steer the agent's next steps if the agent treats returned instructions as authoritative.

Why it was flagged

The Membrane connection response may include instructions for the agent. This is part of the intended workflow, but external instructions should not override the user's goal or safety checks.

Skill content

clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically

Recommendation

Treat returned agent instructions as untrusted workflow hints, and follow them only when they match the user's request and the expected Action Network connection flow.

What this means

Sensitive Action Network data such as people, donations, memberships, email lists, or petition signatures may be accessed through Membrane-mediated actions.

Why it was flagged

The skill routes Action Network authentication and operations through the Membrane CLI/service. This is disclosed and purpose-aligned, but it creates a third-party data and control boundary.

Skill content

This skill uses the Membrane CLI to interact with Action Network. Membrane handles authentication and credentials refresh automatically

Recommendation

Review Membrane's security and privacy posture before connecting high-privilege Action Network accounts, and avoid sending unnecessary sensitive data through action inputs.