Outfit
Security checks across malware telemetry and agentic risk
Overview
This looks like a legitimate Outfit integration, but it gives the agent broad authenticated API access that could change or delete Outfit account data without clear approval limits.
Review this skill before installing. It appears purpose-aligned for managing Outfit through Membrane, but only use it with a least-privileged account and require explicit user approval before any API call that creates, updates, deletes, changes settings, manages users, or affects billing.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make broad changes to Outfit data, settings, or records if a task is misunderstood or a prompt asks it to use the proxy directly.
The skill gives the agent a raw authenticated API escape hatch with mutating and deleting methods, without artifact-backed limits or confirmation requirements for high-impact actions.
"When the available actions don't cover your use case, you can send requests directly to the Outfit API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE)."
Use this only for specific, user-approved tasks. Require explicit confirmation before POST, PUT, PATCH, or DELETE requests, and review the endpoint, method, and request body before running them.
Installing and using the skill can give the agent access through a connected Membrane/Outfit account, potentially with whatever permissions that account has.
The integration depends on delegated account credentials that may be refreshed automatically. This is expected for the stated purpose, but it is sensitive authority.
"Membrane handles authentication and credentials refresh automatically"
Connect with the least-privileged Outfit account that can complete the task, review granted permissions, and revoke the connection when it is no longer needed.
The behavior of the skill depends on whatever version of the Membrane CLI is current at install time.
The setup instructions call for a global install of the latest CLI package. This is central to the skill's purpose, but the package is not pinned to a reviewed version.
npm install -g @membranehq/cli@latest
Install only from a trusted npm environment, consider pinning a known CLI version, and review Membrane CLI provenance before use.
Task data sent to Outfit through this workflow may also pass through Membrane infrastructure.
Outfit API traffic and authenticated requests are routed through Membrane as a proxy/gateway. This is disclosed and purpose-aligned, but it is an additional data and trust boundary.
"send requests directly to the Outfit API through Membrane's proxy. Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers"
Avoid sending unnecessary sensitive data, and ensure the user is comfortable with Membrane acting as the authenticated integration gateway.
