Hydrogen

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill asks for credentialed Membrane/API access while its Hydrogen identity and target are inconsistent, and it exposes broad raw API actions that could change or delete data.

Review this skill carefully before installing. Confirm which Hydrogen service it is meant to connect to, what account permissions Membrane will receive, and avoid allowing the agent to run raw POST/PUT/PATCH/DELETE proxy requests unless you explicitly approve the exact action.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could authenticate to the wrong service or perform actions under a mistaken understanding of what Hydrogen data is being managed.

Why it was flagged

The skill presents conflicting identities and documentation sources for Hydrogen, making it unclear which service the user is actually connecting to or authorizing.

Skill content

Hydrogen is a local music production application... Official docs: https://shopify.dev/docs/custom-storefronts/hydrogen ... membrane connection ensure "https://hydrogenplatform.com"

Recommendation

Do not install until the publisher clarifies the exact Hydrogen product, official documentation, expected connection URL, and supported data objects.

What this means

If the agent chooses the wrong endpoint or parameters, it could change or delete Hydrogen account data using the user's authenticated connection.

Why it was flagged

The skill grants an authenticated raw API escape hatch with mutating and deleting HTTP methods, but does not clearly require user approval, constrain endpoints, or describe rollback safeguards.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Hydrogen API through Membrane's proxy... injects the correct authentication headers... HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Require explicit user confirmation before any POST, PUT, PATCH, or DELETE request; prefer discovered read-only actions first; and document safe scopes and rollback expectations.

What this means

Installing or using the skill may create persistent account access that is broader than the registry metadata suggests.

Why it was flagged

The skill requires delegated Membrane and external app authentication with automatic credential refresh, while the registry requirements list no primary credential or required environment variables.

Skill content

This skill uses the Membrane CLI to interact with Hydrogen. Membrane handles authentication and credentials refresh automatically... membrane login --tenant... The user completes authentication in the browser.

Recommendation

The skill should declare its credential requirements, explain where access is stored, what scopes are requested, and how users can revoke the Membrane/Hydrogen connection.

What this means

Users will run whatever version of the Membrane CLI is current at the time, which may differ from the version reviewed here.

Why it was flagged

The setup uses the latest npm package version rather than a pinned version. This is disclosed and central to the Membrane integration, but it depends on external package provenance at install/run time.

Skill content

npm install -g @membranehq/cli@latest ... npx @membranehq/cli@latest action list

Recommendation

Prefer a pinned CLI version and verify the package source before installation, especially in sensitive environments.