Gitea

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed Gitea integration that uses Membrane login and can perform powerful repository actions, including deletion, so users should confirm the target account and destructive actions.

Before installing, make sure you trust Membrane and the Membrane CLI, connect only the intended Gitea instance/account, review the action and parameters before running it, and require explicit confirmation for repository deletion or other irreversible changes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on the wrong repository or without confirmation, the agent could change or delete important Gitea data.

Why it was flagged

The skill documents mutation and deletion actions for Gitea repositories. These are aligned with a repository-management integration, but they can permanently affect user or organization data.

Skill content

| Update Repository | update-repository | Edit a repository's properties. |
| Delete Repository | delete-repository | Delete a repository |

Recommendation

Require an explicit user request and confirmation before running create, update, delete, or other irreversible Gitea actions.

What this means

The connected Membrane/Gitea account may allow the agent to read and modify repositories according to the granted permissions.

Why it was flagged

The integration relies on delegated authentication and ongoing credential refresh through Membrane. This is expected for a Gitea integration, but it grants account access through a third-party CLI/service.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Authenticate only to the intended Gitea instance, review requested scopes, use the least-privileged account practical, and revoke the connection when no longer needed.

What this means

The behavior of the CLI may change over time, and the installed package is outside the reviewed skill artifact.

Why it was flagged

The setup instructions install a global CLI package using the latest available version. This is central to the skill's purpose, but it is not pinned to a reviewed version.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install the Membrane CLI from the official package source, consider pinning a known-good version, and keep it updated through normal trusted channels.

What this means

Some integration behavior may be determined by Membrane-generated connector logic rather than files reviewed in this skill package.

Why it was flagged

The skill may rely on a dynamically built connector that is not included in the supplied artifacts. This appears to be part of the Membrane integration model, but users should recognize that behavior comes from the external platform.

Skill content

If no app is found, one is created and a connector is built automatically.

Recommendation

Use this with trusted Gitea domains and review the actions returned by Membrane before running high-impact operations.

What this means

Provider-supplied setup instructions could influence the agent's next steps during connection setup.

Why it was flagged

The skill allows Membrane connection responses to provide procedural instructions to the agent. This is useful for setup, but external instructions should not override the user's goal or safety checks.

Skill content

clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as advisory and limited to the requested Gitea connection task; do not let them override user intent or approve destructive actions.