Semgrep
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Semgrep integration, but it relies on a third-party Membrane CLI/account and can perform Semgrep actions that may change or delete project data.
Before installing, confirm you trust Membrane and are comfortable installing its CLI. Connect a least-privileged Semgrep account, review the permissions granted, and require explicit confirmation before running bulk, policy-changing, scan-changing, or delete actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI grants an external package code execution on the local machine during install and later CLI use.
The skill asks the user to install a global npm CLI at the moving @latest version. This is user-directed and purpose-aligned, but it depends on external package provenance and future package changes.
npm install -g @membranehq/cli@latest
Install only if you trust Membrane, consider pinning a reviewed CLI version, and keep normal npm/package-manager safety practices.
The connected account may allow the agent to view or modify Semgrep data according to the granted Semgrep permissions.
The skill uses Membrane-managed authentication and persistent credential refresh to access Semgrep. This is expected for a Semgrep integration, but it is account-level authority users should understand.
Membrane handles authentication and credentials refresh automatically
Use the least-privileged Semgrep account or workspace possible, review OAuth/API-key prompts, and revoke the Membrane connection when it is no longer needed.
A mistaken action could triage many findings, change policy settings, toggle scans, update projects, or delete a Semgrep project.
The listed Semgrep actions include bulk and destructive operations. They are aligned with a management integration, but accidental or overly broad invocation could change security findings, policies, scans, or projects.
Bulk Triage ... Bulk triage your findings ... Delete Project ... Delete a project for a deployment you have access to.
Require explicit user confirmation before bulk, policy-changing, scan-toggling, or delete actions, and inspect action inputs before running them.
If over-trusted, remote instructions could steer the agent beyond the user's intended Semgrep task.
The skill may expose remote service-provided instructions to the agent during connection setup. This is part of the intended flow, but remote instructions should not override the user's task or safety boundaries.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.
Treat clientAction.agentInstructions as advisory connection-context data and keep user approval for sensitive or account-mutating steps.