Octopus Deploy
WarnAudited by ClawScan on May 10, 2026.
Overview
This Octopus Deploy skill is coherent, but it should be reviewed because it gives an agent authenticated raw API access that can change or delete deployment resources without visible approval safeguards.
Install only if you are comfortable giving Membrane-mediated access to your Octopus Deploy environment. Use a dedicated least-privilege Octopus account, require explicit approval for any write/delete/deployment/user-management action, and avoid using this first against production resources.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could change or delete deployment-platform resources, users, infrastructure, or configuration if given a powerful Octopus connection.
The skill gives the agent broad authenticated control over Octopus Deploy, including a raw API proxy that can perform mutating and destructive HTTP methods, without visible confirmation or scoping safeguards.
Manage Projects, Accounts, Certificates, Feeds, Infrastructures, Users and more... Proxy requests... HTTP method (GET, POST, PUT, PATCH, DELETE)
Use a least-privilege Octopus account, require explicit user approval before POST/PUT/PATCH/DELETE or deployment actions, prefer predefined actions over raw proxy calls, and test in non-production first.
If the connected Octopus account is highly privileged, the agent may be able to perform broad administrative actions.
The skill relies on delegated Octopus credentials managed through Membrane; this is expected for the integration, but the privileges of that connection determine what the agent can do.
Membrane handles authentication and credentials refresh automatically... injects the correct authentication headers
Connect with a dedicated, least-privilege account or token, review granted scopes, and revoke the Membrane connection when no longer needed.
The behavior may change as the latest CLI package changes, and a global install affects the user's environment.
The skill asks the user to install a global npm CLI at the latest version. This is central to the skill's purpose, but it is unpinned and not represented in the registry install spec.
npm install -g @membranehq/cli@latest
Install only from the official npm package, consider pinning a reviewed version, and avoid global installs on sensitive production hosts.
A remote workflow response could influence what the agent does next during connection setup.
The skill allows dynamic instructions returned by the Membrane connection workflow to guide agent behavior. This appears intended for setup, but such instructions should not override the user's goal or safety checks.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically
Treat returned agent instructions as untrusted workflow hints, and require user confirmation before acting on any instruction that changes account state or expands permissions.
Deployment metadata, configuration details, and action results may pass through a third-party integration provider.
The integration routes Octopus API requests and responses through Membrane's proxy. This is disclosed and purpose-aligned, but it creates an external data boundary for potentially sensitive deployment information.
send requests directly to the Octopus Deploy API through Membrane's proxy
Review Membrane's data handling policies, avoid sending secrets in request bodies unless necessary, and use the minimum Octopus permissions needed.