Botpress

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Botpress integration, but it can access and change Botpress data through Membrane, so users should confirm actions before running them.

Before installing, make sure you trust Membrane and the npm CLI package, log in with the correct tenant/account, and require explicit confirmation before any Botpress action that sends messages, updates records, or deletes users/conversations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the wrong action or parameters are chosen, the agent could change or delete Botpress customer/chat data.

Why it was flagged

The skill documents a generic action runner and lists Botpress actions that can send messages, update users, and delete users or conversations. This is purpose-aligned for managing Botpress, but these are high-impact operations.

Skill content

membrane action run <actionId> --connectionId=CONNECTION_ID --json ... Create Message ... Update User ... Delete User ... Delete Conversation

Recommendation

Confirm the connection, action name, parameters, and user intent before running create, update, send, or delete actions.

What this means

The skill may act with the permissions of the connected Membrane/Botpress account.

Why it was flagged

The integration requires authentication through Membrane and uses refreshed credentials to access Botpress. This is expected for the integration, but users should understand which account and tenant are being authorized.

Skill content

membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically

Recommendation

Use the intended Membrane tenant and Botpress account, and avoid granting broader access than needed.

What this means

A future CLI release could behave differently from the version reviewed here.

Why it was flagged

The setup asks the user to install a global npm CLI package using the moving latest tag. This is user-directed and central to the skill, but the exact installed version is not pinned in the artifact.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install from the official npm source and consider pinning or reviewing the CLI version in sensitive environments.