Nutshell
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Nutshell CRM connector, but it requires trusting Membrane with delegated access and can create or update CRM records.
Before installing, make sure you trust the Membrane CLI and service, connect only the intended Nutshell account, and have the agent confirm details before creating or updating CRM records. Revoke the connection when it is no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The connected service may be able to access Nutshell CRM data under the user's authorized account.
The skill delegates authentication and ongoing credential refresh to Membrane for access to the user's Nutshell account.
Membrane handles authentication and credentials refresh automatically
Connect only the intended Nutshell account, prefer least-privileged access where available, and know how to revoke the Membrane/Nutshell connection.
An incorrect prompt or mistaken action selection could create or modify CRM records.
The documented Nutshell actions include CRM write operations. These are aligned with the skill's purpose, but they can change business records.
Create Lead | create-lead | Create a new lead ... Update Lead | update-lead | Update an existing lead
Review target record IDs and field changes before allowing create or update actions, especially in production CRM workspaces.
The installed CLI version could change over time, so users are trusting the latest published package at install time.
The setup uses a globally installed npm package with the moving @latest version tag. This is normal for a CLI-based integration, but it depends on the current package version.
npm install -g @membranehq/cli@latest
Install from the official npm package source, consider pinning a known version if your environment requires reproducibility, and keep the CLI updated deliberately.
Nutshell CRM data and connection metadata may be handled through Membrane as part of normal operation.
The skill uses Membrane as an intermediary for interacting with Nutshell, so CRM requests and authentication flows involve an external service boundary.
This skill uses the Membrane CLI to interact with Nutshell
Review Membrane's security and privacy practices before connecting sensitive CRM data, and limit use to data the user is comfortable processing through that service.