Q2
Warn
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only Q2 integration is coherent, but it can access or change sensitive financial/business data and lacks visible confirmation safeguards for high-impact actions.
Review this skill before installing. If you use it, trust and verify the Membrane CLI source, connect only the Q2 account and scopes needed, and require explicit confirmation before any payment, refund, purchase, deletion, record update, or workflow automation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could take high-impact actions in a Q2-connected environment, such as changing business records or initiating payment/refund-like workflows, if the connected account permits it.
The skill grants broad action selection over sensitive financial and business objects. The provided text does not show explicit approval requirements or scoped limits before payment, refund, account, or workflow-changing actions.
Manage data, records, and automate workflows ... **Payment** ... **Refund** ... **Account** ... Use action names and parameters as needed.
Use only with least-privileged Q2/Membrane accounts and require explicit user confirmation for create, update, delete, payment, refund, purchase, or automation actions.
If a highly privileged account is connected, the agent may be able to access or mutate sensitive Q2 data within that account's permissions.
The skill relies on delegated account authentication and automatic credential refresh. This is expected for a Q2 integration, but it gives the connected agent whatever authority the Membrane/Q2 connection grants.
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>
Review connection scopes and use a dedicated, least-privileged account where possible; revoke the Membrane/Q2 connection when it is no longer needed.
The behavior depends on the version of the Membrane CLI installed at setup time, which could change after this skill review.
The skill asks for a global npm CLI install using the moving @latest tag. This is normal setup for the Membrane CLI, but it means the reviewed artifact does not pin the exact executable version.
npm install -g @membranehq/cli@latest
Install from the official package source, consider pinning a known CLI version, and avoid installing global npm packages from untrusted environments.
Sensitive Q2 data and actions may pass through a Membrane-managed connector whose exact permissions should be understood before use.
Membrane acts as a gateway/connector between the agent and Q2, and may automatically create a connector. This is disclosed and purpose-aligned, but the provided artifact does not detail data boundaries, scopes, or connector review steps.
If no app is found, one is created and a connector is built automatically.
Inspect the generated connection, verify the app/domain and scopes, and avoid sending unnecessary sensitive records through the integration.
