Filescom
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could change folders, users, permissions, or shares if prompted incorrectly or if it misinterprets the user's intent, potentially affecting access to business files.
The skill exposes open-ended Files.com management actions, including account and access-control operations, without visible guardrails for confirming or scoping high-impact mutations.
Manage Files, Folders, Users, Groups, Permissions, Shares and more... Use action names and parameters as needed.
Use a least-privilege Files.com account or connection, and require explicit user confirmation before creating, changing, sharing, or permissioning files, folders, users, groups, or links.
The integration may continue to access Files.com through the authenticated connection until the user revokes or removes it.
The skill relies on delegated authentication that may retain access to Files.com through Membrane; this is expected for the integration but is sensitive account authority.
Membrane handles authentication and credentials refresh automatically
Authenticate with the minimum Files.com privileges needed, review Membrane connection permissions, and revoke the connection when it is no longer needed.
The installed CLI version may change over time, and a compromised or unexpected package update could affect local execution.
The setup instructions ask for a global install of the latest CLI package. This is central to the skill's purpose, but it is unpinned and comes from an external package source.
npm install -g @membranehq/cli@latest
Install only from the trusted npm package, consider pinning a reviewed version, and keep the CLI updated through normal trusted channels.
Files.com requests and responses may pass through the Membrane integration layer rather than only between the user and Files.com.
Files.com access is brokered through Membrane, so user data and authentication flows involve an external integration provider.
This skill uses the Membrane CLI to interact with Files.com. Membrane handles authentication and credentials refresh automatically
Review Membrane's privacy and security posture, and avoid connecting accounts or folders beyond what the task requires.
