Better Stack
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate Better Stack integration, but it requires trusting Membrane authentication/CLI access and can perform destructive Better Stack management actions.
Install this only if you trust Membrane and the @membranehq/cli package. During use, connect the least-privileged Better Stack account possible, review OAuth scopes, and require explicit confirmation before any delete, update, resolve, user, team, monitor, or incident-changing action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI adds third-party code to the local environment, and future @latest versions may differ from what was reviewed.
The skill asks the user to install a global npm CLI using the moving @latest tag. This is central to the Membrane integration and disclosed, but it depends on upstream package integrity.
npm install -g @membranehq/cli@latest
Install only from the trusted npm source, consider pinning or recording the CLI version, and keep the package updated through normal trusted channels.
A connected Membrane account may retain access to Better Stack until the connection or OAuth grant is revoked.
The integration delegates Better Stack authentication and credential refresh to Membrane. This is expected for the stated purpose, but it gives the integration continuing account access.
Membrane handles authentication and credentials refresh automatically
Use the least-privileged Better Stack account or scopes available, review requested permissions during login, and revoke the connection when it is no longer needed.
A mistaken command could delete incident records or monitoring resources and affect operational visibility.
The documented action catalog includes irreversible Better Stack operations. These are purpose-aligned for an administrative integration, but they can have operational impact if used accidentally.
| Delete Incident | delete-incident | Permanently deletes an existing incident. |
Require explicit user confirmation, exact resource IDs, and a clear rollback plan before running delete, update, resolve, or other high-impact actions.
Better Stack action requests, responses, and authentication state are mediated through Membrane rather than only through a direct Better Stack client.
The skill routes Better Stack interaction through a Membrane account and CLI. This third-party gateway is disclosed and expected, but the artifact does not detail all data-boundary or scope implications.
This skill uses the Membrane CLI to interact with Better Stack.
Review Membrane’s documentation, privacy terms, and connection scopes before authorizing access to sensitive Better Stack workspaces.