Nethunt Crm
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a real NetHunt CRM integration, but it gives the agent broad CRM API control, including possible edits and deletes, without clear safety guardrails.
Install only if you trust Membrane and intend to let an agent work with your NetHunt CRM. Before allowing write or delete actions, require explicit confirmation, use the least-privileged CRM account available, and be careful with the raw proxy request feature.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could modify or delete business CRM records if it chooses or is prompted to use the direct API path incorrectly.
The skill exposes a broad direct API escape hatch, including mutating and deleting methods, without documenting confirmation, allowed endpoints, rollback, or other guardrails.
When the available actions don't cover your use case, you can send requests directly to the NetHunt CRM API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Use this only with explicit user approval for write/delete operations, prefer scoped pre-built actions, and document safe endpoints and confirmation requirements.
Connecting this skill grants access to NetHunt CRM data through Membrane, and that access may continue until the connection is revoked.
The skill requires delegated account authentication and ongoing credential refresh, which is expected for a CRM integration but still gives the integration meaningful account authority.
Membrane handles authentication and credentials refresh automatically... `membrane login --tenant --clientName=<agentType>`
Use a least-privilege account where possible, review the Membrane and NetHunt authorization screens, and revoke the connection when it is no longer needed.
Installing the CLI runs and trusts code from the npm package ecosystem on the user's machine.
The skill depends on installing an external global npm CLI at the latest version; this is purpose-aligned, but it is not pinned and is not represented by a formal install spec.
npm install -g @membranehq/cli@latest
Install the CLI only from the official package, consider pinning a reviewed version, and avoid running it with unnecessary privileges.
CRM request data may pass through Membrane while the integration operates.
CRM API traffic and authentication handling are routed through Membrane as a gateway/proxy. This is disclosed and purpose-aligned, but it is an important data-flow boundary.
send requests directly to the NetHunt CRM API through Membrane's proxy... Membrane automatically appends the base URL... and injects the correct authentication headers
Review Membrane's data-handling terms and only send CRM data that is appropriate for this integration.