Beehiiv
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Beehiiv connector is coherent, but it needs review because it can use Membrane-authenticated access to create, update, or delete newsletter and subscriber data without documented confirmation safeguards.
Install only if you are comfortable using Membrane as the Beehiiv integration layer. Pin or verify the CLI before installing, connect a least-privileged account, and require explicit confirmation before any action that creates, updates, deletes, tags, automates, or otherwise changes Beehiiv content or subscribers.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent mistake could delete newsletter posts or subscriber records, or create/change Beehiiv content and audience data.
The skill exposes destructive and content-changing Beehiiv actions through generic action invocation, but the provided instructions do not require explicit user confirmation, scoped publication IDs, previews, or rollback checks before those actions.
Use action names and parameters as needed... Delete Post | delete-post... Delete Subscription | delete-subscription... Create Post | create-post
Require explicit user approval before any create, update, delete, publish, tagging, or automation action; preview the target publication, subscriber, and content before execution.
The connection may continue to allow Beehiiv actions until revoked, and actions will run with the connected account's permissions.
The integration delegates Beehiiv access through Membrane and may retain refreshed credentials. This is expected for the stated integration, but it gives the agent actions the privileges of the connected account.
Membrane handles authentication and credentials refresh automatically
Use the least-privileged Beehiiv/Membrane account available, review OAuth/API scopes during connection, and revoke the Membrane connection when it is no longer needed.
The installed CLI version can change over time and has system-wide availability after installation.
The documented setup uses a global npm install with the moving @latest version. This is central to the skill's purpose, but it is unpinned and not represented by a formal install spec.
npm install -g @membranehq/cli@latest
Install from the official package source, pin a reviewed version where possible, and update intentionally rather than relying on @latest.
Subscriber emails, publication details, and action results may pass through the Membrane tooling while the integration is used.
Beehiiv subscriber and publication data is accessed through the Membrane integration layer. That is purpose-aligned, but users should understand this third-party data path.
This skill uses the Membrane CLI to interact with Beehiiv... List Subscriptions | list-subscriptions | Retrieve a list of subscriptions (subscribers)
Avoid using the skill for unnecessary bulk subscriber export, verify Membrane's data-handling terms, and limit outputs to the data needed for the task.