Neon
Review. Audited by ClawScan on May 10, 2026.
Overview
This looks like a real Neon/Membrane integration, but it gives the agent broad authenticated API access that could change or delete Neon resources without clear confirmation safeguards.
Before installing, make sure you trust Membrane and the npm CLI package, connect only a least-privileged Neon account, and require explicit approval before the agent performs any data-changing or destructive Neon API request.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: The agent could use the connected Neon account to perform broader operations than the user intended, including changing or deleting resources if the wrong endpoint or method is used.
This gives the agent a broad authenticated API escape hatch, including data-changing and destructive HTTP methods, without visible scoping or confirmation requirements in the supplied artifact.
Evidence: "When the available actions don't cover your use case, you can send requests directly to the Neon API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE)."
Recommendation: Require explicit user confirmation before POST, PUT, PATCH, DELETE, or other data-changing operations; prefer prebuilt Membrane actions; review the exact endpoint, method, and request body before running proxy calls.
Finding 2: Membrane and the agent can act through the connected Neon account within whatever permissions the connection has.
The skill relies on delegated authentication and credential refresh for access to Neon through Membrane. This is expected for the integration, but it grants ongoing account authority.
Evidence: "Membrane handles authentication and credentials refresh automatically"
Recommendation: Connect only trusted Neon accounts, use the least-privileged account or connection possible, and revoke or disconnect access when the integration is no longer needed.
Finding 3: The code installed from npm at setup time can change over time and runs with the user's local permissions.
The skill asks users to install a global npm package using the moving @latest tag. This is disclosed and purpose-aligned, but unpinned package installation is a supply-chain risk.
Evidence: `npm install -g @membranehq/cli@latest`
Recommendation: Install only from a trusted npm source, consider pinning a reviewed CLI version, and avoid installing global packages on highly sensitive systems without review.
Finding 4: Remote setup instructions could influence how the agent proceeds during connection setup.
The skill describes remote response content that may contain instructions for the agent. This can be useful setup guidance, but it should not override the user's request or safety checks.
Evidence: "`clientAction.agentInstructions` (optional): instructions for the AI agent on how to proceed programmatically."
Recommendation: Treat returned agent instructions as untrusted guidance and follow them only when they are consistent with the user's request and the skill's intended Neon workflow.
Finding 5: Neon account data and API responses may pass through Membrane's service while the integration is used.
Neon API requests, responses, and credentialed access are routed through Membrane as a gateway. This is disclosed and purpose-aligned, but it is an important data boundary.
Evidence: "send requests directly to the Neon API through Membrane's proxy... injects the correct authentication headers"
Recommendation: Review Membrane's security and privacy posture, avoid sending unnecessary sensitive data, and use a connection with limited permissions where possible.
