Rewardful
Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Membrane-based Rewardful integration, but it gives the agent broad authenticated Rewardful API power, including direct write/delete requests, without clear approval or scope limits.
Before installing, make sure you trust Membrane and the npm CLI package, connect only the intended Rewardful tenant/account, and require explicit review before the agent creates, updates, or deletes any Rewardful records. Prefer read-only or prebuilt scoped actions when possible, and revoke the Membrane connection when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could create, change, or delete Rewardful business data such as affiliates, customers, subscriptions, commissions, or products.
The skill exposes a raw authenticated API escape hatch, including write and delete methods, without visible approval, endpoint, or record-level limits.
When the available actions don't cover your use case, you can send requests directly to the Rewardful API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user confirmation for all non-read operations, prefer prebuilt scoped actions, preview endpoint/body/record IDs before execution, and document rollback or audit expectations.
A misleading or compromised connector response could nudge the agent toward unexpected setup steps or tool calls if treated as authoritative.
The workflow allows external connection responses to include instructions directed at the agent. This is disclosed and part of the Membrane setup flow, but those instructions should remain subordinate to the user request and system policy.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned `agentInstructions` as untrusted guidance limited to the current connection setup, and ignore any instruction that changes the user’s goal, requests unrelated data, or bypasses confirmation.
The connection can continue accessing the authorized Rewardful account until the user revokes or changes the authorization.
The skill requires authenticated access to Membrane and Rewardful. This is expected for the stated integration, but it grants delegated account access that persists through credential refresh.
Membrane handles authentication and credentials refresh automatically — so you can focus on the integration logic rather than auth plumbing.
Use the least-privileged Rewardful/Membrane account available, confirm the correct tenant/workspace, and revoke the connection when it is no longer needed.
A changed or compromised npm package version could affect what code runs locally when using the skill.
The setup relies on installing the latest global npm CLI package, which is not pinned in an install spec. This is user-directed and central to the skill, but users must trust the external package source.
`npm install -g @membranehq/cli@latest`
Install the CLI only from the expected Membrane npm package, consider pinning a reviewed version, and verify the package source before use.
Rewardful account data and API operations may be visible to or mediated by Membrane according to its service design and policies.
Rewardful API requests and authenticated headers are routed through Membrane as a gateway. This is disclosed and purpose-aligned, but it is a sensitive third-party data path.
you can send requests directly to the Rewardful API through Membrane's proxy... injects the correct authentication headers
Review Membrane’s trust, privacy, and access model before connecting sensitive Rewardful accounts, and avoid sending unnecessary data through proxy requests.
