Noyo

Review

Audited by ClawScan on May 10, 2026.

Overview

The Noyo skill's purpose is coherent, but it gives an agent broad authenticated API access to sensitive benefits data, including direct write/delete requests, so it should be reviewed before use.

Install or use this only if you trust Membrane and intend to give the agent access to Noyo data. Use least-privilege credentials, prefer read-only or sandbox connections for testing, and require confirmation before any request that creates, updates, patches, or deletes records.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If used carelessly, the agent could change or delete Noyo records, including sensitive employee benefits or eligibility data.

Why it was flagged

This exposes a raw authenticated API escape hatch, including mutating and destructive HTTP methods, beyond curated actions. In the provided visible text, this broad proxy is not paired with endpoint limits or explicit approval requirements for writes/deletes.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Noyo API through Membrane's proxy ... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Require explicit user review before POST, PUT, PATCH, or DELETE requests; prefer discovered, scoped Membrane actions; and show the endpoint, method, and request body before running any mutating operation.

What this means

Actions taken through the skill may have the same access level as the authenticated Noyo/Membrane account.

Why it was flagged

The skill requires delegated Membrane/Noyo account authentication and automatic credential refresh. This is expected for the integration, but commands will operate with the connected account's privileges.

Skill content

Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant --clientName=<agentType>`

Recommendation

Use a least-privilege account or sandbox tenant where possible, verify the connection ID before use, and revoke the connection when it is no longer needed.

What this means

The code installed at setup time may differ over time as the npm package changes.

Why it was flagged

The skill instructs a global npm install using the moving `@latest` tag. This is central to the stated Membrane workflow, but it means the installed CLI version is not pinned by the skill artifact.

Skill content

`npm install -g @membranehq/cli@latest`

Recommendation

Install the CLI from the trusted npm package source, consider pinning a reviewed version, and avoid running the integration from untrusted environments.