Oracle Cloud Hcm

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Oracle HCM integration, but it can make broad authenticated changes to sensitive HR records through Membrane without clear approval or scope limits in the provided instructions.

Install only if you trust Membrane and are authorized to connect it to Oracle HCM. Use a least-privileged HCM account, review every action or proxy request before execution, avoid direct POST/PUT/PATCH/DELETE requests unless the user explicitly approves them, and consider pinning the Membrane CLI version.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If the agent runs the wrong proxy request, it could create, update, or delete Oracle HCM records using the connected account's permissions.

Why it was flagged

This exposes a broad authenticated API escape hatch, including destructive methods, for a system that can contain sensitive HR, payroll, workforce, and employee records. The provided instructions do not show explicit user confirmation or scoping for high-impact mutations.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Oracle Cloud HCM API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Use direct proxy requests only after explicit user approval, prefer scoped Membrane actions, use a least-privileged Oracle HCM account, and require review of endpoint, method, payload, and expected impact before any write or delete operation.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can act with the permissions of the connected Oracle HCM account, which may include access to sensitive employee and business data.

Why it was flagged

Credential handling is expected for an Oracle HCM integration, but it delegates sensitive account authority and refresh behavior through Membrane.

Skill content

Membrane handles authentication and credentials refresh automatically... injects the correct authentication headers

Recommendation

Connect only accounts with the minimum permissions needed, review the OAuth/connection scopes, and revoke the Membrane connection when it is no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future or compromised CLI release could change behavior from what was reviewed here.

Why it was flagged

The skill asks the user to install a global npm CLI using the moving `@latest` tag. This is central to the skill's purpose, but the exact code installed can change over time.

Skill content

`npm install -g @membranehq/cli@latest`

Recommendation

Install from a trusted source, consider pinning a specific Membrane CLI version, and follow your organization's package approval process.

ASI01: Agent Goal Hijack
Low
What this means

External setup responses could steer what the agent does during connection or configuration.

Why it was flagged

The skill may receive dynamic instructions from the external connection workflow. That can be useful, but those instructions should not override the user's intent or safety checks.

Skill content

`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as untrusted guidance, validate them against the user's request, and ask the user before following instructions that affect credentials, permissions, or data changes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Employee or HR data returned by Oracle HCM may pass through Membrane before reaching the agent.

Why it was flagged

Sensitive HCM API traffic is routed through Membrane as a gateway. The provided artifact discloses the proxy but does not describe retention, logging, or data-boundary details.

Skill content

send requests directly to the Oracle Cloud HCM API through Membrane's proxy... injects the correct authentication headers

Recommendation

Review Membrane's privacy, logging, and data-retention terms before use, especially for payroll, employee, or regulated HR data.