Getresponse
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is purpose-aligned for GetResponse, but it gives the agent broad authenticated API access that could change or delete marketing data without clear approval guardrails.
Install only if you are comfortable giving Membrane and the agent authenticated access to your GetResponse account. Use a least-privileged or test account where possible, require confirmation before sends, deletes, bulk updates, or automation changes, and prefer scoped actions over raw proxy API calls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could make unintended changes to GetResponse contacts, campaigns, newsletters, workflows, or other marketing resources if a request is misunderstood or run too broadly.
This provides a raw authenticated API escape hatch, including destructive methods, without clear endpoint limits or explicit confirmation requirements for high-impact account changes.
When the available actions don't cover your use case, you can send requests directly to the GetResponse API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user approval for POST, PUT, PATCH, DELETE, sending campaigns, bulk updates, and workflow changes; prefer narrowly scoped Membrane actions over raw proxy requests.
The agent can act through a connected GetResponse account with whatever permissions the Membrane connection receives.
The skill requires delegated authentication through Membrane and persistent credential refresh, which is expected for the integration but grants account-level access.
Membrane handles authentication and credentials refresh automatically... membrane login --tenant --clientName=<agentType>
Use the least-privileged GetResponse account available, review OAuth/API scopes during connection, and disconnect or revoke access when finished.
Installing a global, unpinned CLI means future package changes could affect what code runs locally.
The skill asks the user to install the latest global Membrane CLI package from npm; this is purpose-aligned but not version-pinned.
npm install -g @membranehq/cli@latest
Install only from the official package source, consider pinning a known-good version, and avoid global installation if your environment supports a safer local install.
GetResponse account data may pass through Membrane while the agent performs requested operations.
Requests and responses are mediated by Membrane as a gateway, so GetResponse data and authentication handling depend on that third-party service boundary.
send requests directly to the GetResponse API through Membrane's proxy... injects the correct authentication headers
Review Membrane's data handling and retention terms before connecting sensitive marketing or customer-contact data.