Q2
Pass
Audited by VirusTotal on Apr 30, 2026.
Overview
Type: OpenClaw Skill
Name: q2-integration
Version: 1.0.2
The skill bundle provides instructions for an AI agent to integrate with the Q2 banking platform via the Membrane CLI (@membranehq/cli) and its associated proxy service (getmembrane.com). The SKILL.md file outlines standard procedures for installation, user-authorized authentication, and API interaction, emphasizing security best practices such as centralized credential management to avoid local secret storage. No malicious code, data exfiltration, or harmful prompt injections were identified; the skill's capabilities and instructions are entirely consistent with its stated purpose of managing Q2 data and workflows.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could take high-impact actions in a Q2-connected environment, such as changing business records or initiating payment/refund-like workflows, if the connected account permits it.
The skill grants broad action selection over sensitive financial and business objects. The provided text does not show explicit approval requirements or scoped limits before payment, refund, account, or workflow-changing actions.
Manage data, records, and automate workflows ... **Payment** ... **Refund** ... **Account** ... Use action names and parameters as needed.
Use only with least-privileged Q2/Membrane accounts and require explicit user confirmation for create, update, delete, payment, refund, purchase, or automation actions.
If a highly privileged account is connected, the agent may be able to access or mutate sensitive Q2 data within that account's permissions.
The skill relies on delegated account authentication and automatic credential refresh. This is expected for a Q2 integration, but it gives the connected agent whatever authority the Membrane/Q2 connection grants.
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>
Review connection scopes and use a dedicated, least-privileged account where possible; revoke the Membrane/Q2 connection when it is no longer needed.
The behavior depends on the version of the Membrane CLI installed at setup time, which could change after this skill review.
The skill asks for a global npm CLI install using the moving @latest tag. This is normal setup for the Membrane CLI, but it means the reviewed artifact does not pin the exact executable version.
npm install -g @membranehq/cli@latest
Install from the official package source, consider pinning a known CLI version, and avoid installing global npm packages from untrusted environments.
Sensitive Q2 data and actions may pass through a Membrane-managed connector whose exact permissions should be understood before use.
Membrane acts as a gateway/connector between the agent and Q2, and may automatically create a connector. This is disclosed and purpose-aligned, but the provided artifact does not detail data boundaries, scopes, or connector review steps.
If no app is found, one is created and a connector is built automatically.
Inspect the generated connection, verify the app/domain and scopes, and avoid sending unnecessary sensitive records through the integration.
