Benchmark Email
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Benchmark Email integration, but it gives the agent broad authenticated API access through Membrane, including raw proxy calls that are not clearly scoped or approval-gated.
Before installing, make sure you are comfortable giving Membrane-authenticated access to your Benchmark Email account. Use least-privilege credentials if possible, approve any write, webhook, delete, send, or raw proxy operation explicitly, and consider pinning or verifying the Membrane CLI version before installing it globally.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could make broader Benchmark Email API calls than the predefined actions suggest, potentially changing contact lists, webhooks, or other account data if prompted or misdirected.
This creates a broad authenticated API escape hatch beyond the listed actions and schemas. For an email marketing account, that could enable high-impact writes or configuration changes without clear per-action scoping in the artifact.
When the available actions don't cover your use case, you can send requests directly to the Benchmark Email API through Membrane's proxy. ... injects the correct authentication headers
Only allow raw proxy use for explicit user-approved tasks, prefer listed actions when possible, and require confirmation before creating, updating, deleting, sending, or webhook-related operations.
Actions will run using the connected Benchmark Email account, so mistakes may affect real marketing data and customer/contact records.
The skill relies on delegated Membrane/Benchmark Email authentication. This is expected for the integration, but users should understand that the agent may operate with the connected account's privileges.
Membrane handles authentication and credentials refresh automatically
Connect the least-privileged account available and review requested actions before authorizing changes.
Installing a moving global CLI version can change behavior over time and depends on npm package provenance.
The setup uses a globally installed npm package with the moving @latest tag. It is purpose-aligned, but not pinned to a reviewed version.
npm install -g @membranehq/cli@latest
Install from a trusted environment, consider pinning a known CLI version, and review Membrane CLI provenance before use.
Contact, campaign, and account data may be processed through Membrane while using the integration.
Benchmark Email requests and responses may pass through Membrane as an integration gateway. This is disclosed and purpose-aligned, but it is a third-party data boundary users should notice.
send requests directly to the Benchmark Email API through Membrane's proxy
Confirm that using Membrane as an integration gateway is acceptable for the sensitivity of the Benchmark Email data involved.