Httpsms
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a normal HttpSMS/Membrane integration, but it can send bulk SMS, delete SMS resources, and use a broad authenticated API proxy without clear built-in confirmation or scope limits.
Review this skill carefully before installing. It is appropriate if you want Membrane-managed HttpSMS access, but require the agent to ask before sending SMS, bulk messaging, deleting resources, or using raw API proxy calls. Use a dedicated or least-privileged account if possible, confirm recipients and message content, and revoke the connection when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad action could send texts to recipients, send bulk messages, incur SMS costs, or delete messages/webhooks from the connected account.
The skill gives the agent paths to run high-impact SMS/account mutations and a broad authenticated raw API proxy, but the artifact does not specify confirmation, recipient review, cost checks, or deletion safeguards.
Popular actions include `Delete Webhook`, `Delete Message Thread`, `Delete Message`, `Send Bulk Messages`, `Send Message`; proxy requests support `GET, POST, PUT, PATCH, DELETE` and Membrane `injects the correct authentication headers`.
Require explicit user confirmation for sending, bulk sending, deleting, or raw proxy requests; show the exact recipients, message body, and affected resources before running; prefer scoped actions over the raw proxy.
Whoever can use the configured connection may be able to act on the connected HttpSMS account within the permissions granted.
The skill requires delegated account access through Membrane and stores/refreshes the connection for later use. This is expected for an API integration, but it is sensitive authority.
`Membrane handles authentication and credentials refresh automatically ... The user completes authentication in the browser. The output contains the new connection id.`
Connect only the intended HttpSMS account, use the least-privileged account or token available, and revoke the Membrane connection when it is no longer needed.
Future installs may receive a different CLI version than the one reviewed, and a global CLI has broad local execution capability.
The skill directs installation of a global third-party CLI using the moving `latest` tag. This is central to the Membrane workflow, but the exact package version is not pinned in the artifact.
`npm install -g @membranehq/cli@latest`
Install the CLI only from the official package source, consider pinning a specific reviewed version, and keep it updated through trusted channels.
