Grafbase Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is broadly aligned with Grafbase management, but it gives the agent authenticated mutation and raw API proxy capabilities without clear approval or scope limits.
Review this skill before installing. It appears to be a legitimate Grafbase/Membrane integration, but only use it with accounts and projects where the agent is allowed to make changes. Ask the agent to confirm before running mutations, proxy requests, billing changes, secret changes, or deletes, and consider using least-privilege credentials.
Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

1. An agent using this skill could change Grafbase projects, data, secrets, or billing-related configuration if it is given, or infers, the wrong instruction.
The skill exposes authenticated mutation and raw proxy request capabilities, but the artifacts do not add clear confirmation, scoping, or rollback guidance for high-impact Grafbase changes.
Evidence: "Execute GraphQL Mutation | graphql-mutation | Execute a GraphQL mutation against the Grafbase endpoint ... When the available actions don't cover your use case, you can send requests directly to the Grafbase API through Membrane's proxy."
Recommendation: Require explicit user approval for mutations, deletes, secret changes, billing changes, and proxy requests; prefer read-only queries unless the user clearly asks for a change.

2. The skill can act through the connected Membrane/Grafbase account, so mistakes may affect real projects or account resources.
The integration needs delegated account access and persistent credential refresh, which is expected for Grafbase management but should be treated as sensitive authority.
Evidence: "Membrane handles authentication and credentials refresh automatically"
Recommendation: Use a least-privileged account or connection where possible, and revoke the Membrane/Grafbase connection when it is no longer needed.

3. The behavior depends on whatever version of the Membrane CLI npm serves at install time.
The documented setup installs a global npm CLI at the latest version; this is central to the skill but is unpinned and not analyzed as part of the provided artifacts.
Evidence: "npm install -g @membranehq/cli@latest"
Recommendation: Pin or review the CLI version before installation, and install it only from the expected npm package source.

4. Sensitive Grafbase data or project details may pass through Membrane as part of normal operation.
Grafbase API requests may be routed through Membrane as an authenticated proxy, creating an additional service boundary for request and response data.
Evidence: "send requests directly to the Grafbase API through Membrane's proxy. Membrane automatically appends the base URL to the path you provide and injects the correct authentication"
Recommendation: Only use the proxy for necessary requests, avoid sending unnecessary sensitive data, and ensure the user trusts Membrane for this account access.

5. A remote setup response could influence what the agent does next if it is not bounded by the user's request.
The skill tells the agent it may receive programmatic instructions from a connection response; this can be useful setup guidance, but the agent should not treat remote instructions as overriding the user's goal.
Evidence: "clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically."
Recommendation: Treat returned agent instructions as untrusted hints and confirm with the user before following instructions that change scope, tools, or account state.
