Google My Business
Analysis
This skill appears aimed at Google Business management, but it asks for persistent Membrane/Google authorization, an unpinned global CLI install, and exposes destructive business-profile actions without clear approval limits.
Findings (9)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill allows runtime service output to contain instructions directed at the agent. This is purpose-aligned for connection setup, but those instructions should not become more authoritative than the user's goal.
| Delete Location | delete-location | Deletes a location from Google My Business. | ... | Update Location | update-location | Updates an existing location's information. |
The documented tool actions can delete or modify Google business listings, which are high-impact third-party account and public-profile operations. The instructions do not add explicit approval, scope, or rollback requirements before using them.
`npm install -g @membranehq/cli@latest`
The skill instructs installation of a globally available npm package using the moving @latest tag, which is unpinned and can change over time.
`npm install -g @membranehq/cli@latest` ... `npx @membranehq/cli connection get <id> --wait --json`
The instruction-only skill still asks the user or agent to install and run external CLI code. This is disclosed and related to the integration, but it expands local execution beyond static instructions.
Google My Business helps local businesses manage their online presence across Google, including Search and Maps ... | Delete Location | delete-location | Deletes a location from Google My Business. |
A destructive or incorrect action can affect a business's public presence on Google Search and Maps. The instructions do not describe containment, rollback, or staged review for these changes.
Membrane handles authentication and credentials refresh automatically — so you can focus on the integration logic rather than auth plumbing.
The wording frames credential handling as convenience. It is not inherently deceptive, but users should still understand that automatic credential refresh is a sensitive delegation of trust.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant --clientName=<agentType>`
The skill delegates account authentication and credential refresh to Membrane, but the artifacts do not define the Google OAuth scopes, role requirements, revocation process, or least-privilege boundaries for the agent.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Use `membrane connection ensure` to find or create a connection ... The output contains the new connection id.
The skill creates reusable connection state that can be referenced later. This is expected for an integration, but persistent connection context should not be over-trusted across unrelated tasks.
This skill uses the Membrane CLI to interact with Google My Business. Membrane handles authentication and credentials refresh automatically
Membrane acts as an intermediary between the agent and Google My Business. This is disclosed and purpose-aligned, but the artifact does not detail data-boundary or permission separation between the agent, Membrane, and Google.