Nextcloud

Warn

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate Nextcloud integration, but it gives the agent broad authenticated ability to run Nextcloud API actions, including changes and deletes, without clear visible guardrails.

Install only if you are comfortable letting Membrane and the agent access your Nextcloud account. Use a least-privilege account, confirm any delete/update/admin action before it runs, and prefer scoped built-in actions over raw proxy requests.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If misused, the agent could modify or delete Nextcloud files, shares, calendars, contacts, groups, or user-related data using the connected account's permissions.

Why it was flagged

This exposes a raw authenticated API path, including destructive HTTP methods, without visible limits or confirmation requirements for high-impact Nextcloud operations.

Skill content

you can send requests directly to the Nextcloud API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Only allow clearly user-requested operations, require explicit confirmation before POST/PUT/PATCH/DELETE or admin actions, prefer scoped Membrane actions over raw proxy calls, and use a least-privilege Nextcloud account.

What this means

The connected Membrane/Nextcloud account may allow the agent to access or change sensitive cloud data according to that account's privileges.

Why it was flagged

The skill relies on delegated Membrane/Nextcloud authentication with refresh, which is expected for the stated integration but grants ongoing account-level access.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Use a least-privilege account or scoped connection where possible, review active Membrane connections, and revoke or disconnect access when it is no longer needed.

What this means

Installing the CLI globally gives the npm package influence over the user's local environment; future latest versions may differ from what was reviewed here.

Why it was flagged

The setup uses a globally installed npm package that tracks the floating @latest tag rather than a fixed version, so the executed CLI code is external to the skill artifact and may change over time.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install only from the trusted Membrane npm package, consider pinning a known version, and use an isolated environment if possible.

What this means

Private files, contacts, calendar data, or administrative responses could be handled by Membrane as part of normal operation.

Why it was flagged

The integration routes authenticated Nextcloud requests through Membrane's proxy, so sensitive request and response data may pass through that provider.

Skill content

send requests directly to the Nextcloud API through Membrane's proxy... injects the correct authentication headers

Recommendation

Use this only if you trust Membrane for the relevant data, review its privacy/security terms, and avoid sending unnecessary sensitive content through the proxy.