Better Stack
Analysis
This looks like a legitimate Better Stack integration, but it can install an unpinned global CLI and perform permanent Better Stack changes without clear approval or scope limits.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill allows external connection state returned by Membrane to provide agent-facing instructions. This is purpose-aligned for setup, but those instructions should not override the user's request or higher-priority safety rules.
`Delete Incident` ... `Permanently deletes an existing incident`; `Delete Monitor` ... `Permanently deletes an existing monitor`; `Update Monitor` ... `alert settings`.
The documented Better Stack actions include permanent deletion and alert-configuration changes, but the skill does not require explicit user confirmation, limit actions to specific IDs, or define rollback/containment steps.
npm install -g @membranehq/cli@latest
The skill instructs a global npm install using `@latest`, which is unpinned and can change over time. This creates supply-chain exposure because the reviewed artifact does not include the CLI code being installed.
This skill uses the Membrane CLI to interact with Better Stack ... `npx @membranehq/cli connection get <id> --wait --json`.
The skill is instruction-only, but its normal workflow runs external CLI code through npm/npx. That code execution is expected for the integration, but it is not contained in the reviewed skill artifact.
Better Stack is an infrastructure monitoring platform ... ensure uptime ... `Delete Monitor` ... `Permanently deletes an existing monitor`.
The skill can affect operational monitoring resources. An erroneous delete or alert-setting change could reduce visibility into production incidents and impact teams that rely on Better Stack.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Membrane handles authentication and credentials refresh automatically ... Manage Incidents, Users, Teams.
The skill requires delegated account access and automatic credential refresh for Better Stack management, including user/team-related authority, but does not document scopes, role requirements, token lifetime, or privilege boundaries.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Use `membrane connection ensure` to find or create a connection ... The user completes authentication in the browser. The output contains the new connection id.
Membrane acts as an intermediary/gateway between the agent and Better Stack. This is disclosed and purpose-aligned, but it means authentication and Better Stack data flow through an external service/CLI boundary.