Baselinker
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This appears to be a real BaseLinker integration, but it gives an agent broad authenticated power to change e-commerce data through Membrane and raw API calls without clear approval limits.
Install only if you trust Membrane and intend to let the agent work with BaseLinker. Use the least-privilege account available, review the npm CLI source/version, and require explicit confirmation before any action that creates, updates, deletes, or changes orders, inventory, products, shops, or users.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misunderstands a request or acts too broadly, it could alter store inventory, products, or orders.
These capabilities can create or change business-critical order, inventory, and product data, and the raw proxy exposes broad API methods without visible confirmation or scope limits.
Popular actions include "Add Inventory Product", "Update Inventory Products Stock", "Set Order Status", "Set Order Fields", "Add Order"; proxy requests support "GET, POST, PUT, PATCH, DELETE".
Require explicit user confirmation for every mutating action, endpoint, and input; prefer least-privilege/read-only access when possible.
Connecting the skill can give the agent access to authenticated BaseLinker operations through Membrane.
The integration requires delegated account access and token handling. This is expected for BaseLinker access, but it is sensitive and should be scoped carefully.
Membrane handles authentication and credentials refresh automatically
Review the BaseLinker/Membrane connection permissions and use the narrowest account or scopes available.
Future installs could receive a different CLI version than the one originally reviewed.
The setup uses a globally installed npm package pinned to the moving @latest tag. This is a normal CLI install pattern for the stated purpose, but it has weaker reproducibility and provenance than a pinned install.
npm install -g @membranehq/cli@latest
Install from a trusted npm source and consider pinning a known-good CLI version.
Order, product, inventory, and account operations may pass through Membrane rather than only directly to BaseLinker.
BaseLinker requests and authentication are routed through Membrane as a gateway. This is disclosed and purpose-aligned, but it means sensitive commerce operations depend on a third-party proxy.
send requests directly to the BaseLinker API through Membrane's proxy ... injects the correct authentication headers
Use this only if you trust Membrane for this data path and have reviewed its security and data-handling terms.
Remote setup instructions could influence what the agent tries to do next if over-trusted.
The skill may place provider-supplied instructions into the agent workflow. This can be useful for setup, but such instructions should not override the user's request or higher-priority policies.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically
Treat returned agent instructions as advisory data and follow them only when they match the user's explicit goal.