Bytenite
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a coherent ByteNite/Membrane connector, but it gives the agent broad authenticated API access, including possible changes or deletes, without clear safety limits.
Review before installing. Use this only if you trust Membrane and are comfortable connecting your ByteNite account. Prefer discovered, scoped actions, and tell the agent to ask before making any write, update, delete, or raw proxy request.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make broad authenticated ByteNite API calls and potentially change or delete ByteNite records if instructed or if it misinterprets a task.
This exposes a broad credentialed API escape hatch, including mutating and deleting methods, without visible scoping or confirmation requirements in the provided text.
When the available actions don't cover your use case, you can send requests directly to the ByteNite API through Membrane's proxy ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Use pre-built Membrane actions when possible, and require explicit user confirmation before any POST, PUT, PATCH, or DELETE request or any action that changes account data.
Installing and using the skill may let the agent operate through an authenticated Membrane connection to ByteNite.
The skill requires delegated Membrane/ByteNite authentication and automatic credential refresh; this is purpose-aligned but sensitive.
membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically
Authenticate only with the account and permissions needed, review the connection created in Membrane, and revoke it when no longer needed.
The reviewed SKILL.md does not determine all runtime behavior; the installed CLI and generated connector may change over time.
The skill relies on an external unpinned npm CLI and potentially an automatically built connector outside the reviewed artifact set.
npm install -g @membranehq/cli@latest ... npx @membranehq/cli@latest action list ... If no app is found, one is created and a connector is built automatically.
Install the CLI only from trusted sources, prefer a pinned version when possible, and review Membrane's generated connector/actions before using them for sensitive operations.
ByteNite requests and related response data may pass through Membrane infrastructure rather than going directly from the agent to ByteNite.
ByteNite API traffic and authentication are mediated through Membrane as a gateway, which is disclosed and expected but is still a sensitive data boundary.
send requests directly to the ByteNite API through Membrane's proxy ... injects the correct authentication headers — including transparent credential refresh
Confirm that Membrane is an acceptable intermediary for your ByteNite data and credentials, especially for financial or infrastructure-cost information.