v1.0.4

Eden Ai

Review: ClawScan verdict for this skill. Analyzed Apr 30, 2026, 3:26 PM.

Analysis

The skill is mostly a normal Eden AI/Membrane integration, but it asks the agent or user to install and run an unpinned global npm CLI despite being listed as instruction-only.

Guidance: Before installing, verify that you trust Membrane's CLI package, prefer a pinned version instead of @latest, and approve any global npm installation. Use a dedicated Eden AI/Membrane account or connection if possible, and do not send sensitive documents, images, audio, or text unless you are comfortable with the external provider data flow.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low; Confidence: High; Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill tells the agent to consider dynamically returned instructions from Membrane during connection setup. This is purpose-aligned, but the agent should not let returned instructions override the user's requested task.

User impact: Remote connection guidance could influence what the agent does next during setup.
Recommendation: Only follow returned agent instructions when they are clearly related to the user's Eden AI task and do not override user intent.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
Use `membrane connection ensure` to find or create a connection by app URL or domain

The skill uses a CLI command that can create a Membrane connection. This is aligned with the integration purpose, but it is a state-changing tool action.

User impact: The agent may create or update a Membrane connection as part of using Eden AI.
Recommendation: Confirm connection creation and authentication steps before allowing the agent to proceed.

Agentic Supply Chain Vulnerabilities
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
npm install -g @membranehq/cli@latest

The skill instructs a global install of an npm package using the moving `latest` tag. That is an unpinned supply-chain dependency and is not represented as a formal install spec.

User impact: The installed CLI version can change over time, and a global install can affect the user's local environment.
Recommendation: Prefer a pinned, reviewed CLI version and avoid global installation unless the user explicitly approves it.

Unexpected Code Execution
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
npx @membranehq/cli connection get <id> --wait --json

The skill can run an npm-hosted CLI through `npx`, which may download and execute package code. This is notable because the skill is otherwise described as instruction-only with no install spec.

User impact: Following the instructions can execute external package code on the local machine.
Recommendation: Run the CLI only after verifying the package source and version, and prefer an explicitly installed pinned version.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically

The skill requires delegated authentication and credential refresh through Membrane. This matches the Eden AI integration purpose and the capability signals, but it gives persistent account-level authority.

User impact: Using the skill may create a persistent authenticated connection to Eden AI through Membrane.
Recommendation: Use only the account and connection you intend to grant, and revoke or disconnect the integration when it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
`clientAction.description` — human-readable explanation of what's needed.

The agent is expected to read returned connection guidance from an external service. This is not persistent memory, but it is retrieved context that should not be over-trusted.

User impact: Service-provided descriptions could influence the agent's next steps during authentication or setup.
Recommendation: Treat returned descriptions as task-specific guidance, not as higher-priority instructions than the user's request.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Eden AI is an AI API hub that allows users to access and compare different AI models from various providers through a single platform.

The skill routes work through Eden AI and Membrane to third-party AI providers. This is the point of the integration, but the artifacts do not detail provider-by-provider data handling boundaries.

User impact: Text, images, audio, documents, or other inputs may be sent through Membrane/Eden AI to external AI providers.
Recommendation: Avoid sending sensitive content unless the user accepts Eden AI, Membrane, and provider data handling terms.