Axesso Data Service Amazon
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Membrane/Axesso integration, but it asks the user to install a CLI, authenticate accounts, and can make authenticated API requests, so permissions should be reviewed before use.
Before installing, verify the Membrane CLI package, sign in with the correct Membrane/Axesso account, review granted scopes, and require confirmation before the agent uses direct proxy requests or any non-read API method.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may require installing and trusting the current published Membrane CLI package on the local system.
The skill asks the user to globally install a mutable npm CLI package. This is the documented mechanism for the integration, but it introduces package-source and version trust.
npm install -g @membranehq/cli@latest
Verify the package source and consider pinning or reviewing the CLI version before installing globally.
Actions performed through the skill may run under the user's Membrane/Axesso-connected account.
The skill requires account authentication and delegates credential handling/refresh to Membrane, which is expected for this API integration but grants ongoing account-linked access.
Requires network access and a valid Membrane account... Membrane handles authentication and credentials refresh automatically
Use the intended account, review any OAuth/API-key scopes during connection, and revoke the connection when it is no longer needed.
If used carelessly, the agent could make authenticated API requests beyond simple product lookups.
The skill documents both action execution and a direct authenticated proxy escape hatch, including mutation-capable HTTP methods. This is disclosed and purpose-aligned, but broad.
membrane action run <actionId> --connectionId=CONNECTION_ID --input '{"key": "value"}' --json ... membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)
Ask the agent to confirm before using non-read methods or running actions whose effect is unclear.
Remote setup instructions could influence how the agent proceeds during connection setup.
The connection flow may return remote instructions for the agent. This can be useful setup guidance, but such instructions should not override the user's actual request or safety boundaries.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as operational hints only, and keep the user's request and approval requirements authoritative.
