Slicknode
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Slicknode/Membrane integration, but it can make broad authenticated changes to Slicknode data, so users should review it carefully before allowing mutations or deletes.
Install only if you trust Membrane and intend to let the agent work with Slicknode data. Use a least-privileged connection, review all mutations, DELETEs, and raw proxy requests before execution, and consider pinning or verifying the Membrane CLI package.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misinterprets a request or runs an overly broad mutation or DELETE request, it could change or remove Slicknode records or application data.
The skill documents both direct GraphQL mutation capability and a broad authenticated proxy that supports modifying or deleting data, without documented confirmation or scoping safeguards.
- **GraphQL Mutation** — Execute a GraphQL mutation. ... `membrane request CONNECTION_ID /path/to/endpoint` ... `HTTP method (GET, POST, PUT, PATCH, DELETE)`
Require explicit user approval before mutations, DELETE requests, or raw proxy calls; prefer read-only queries or discovered actions when possible, and limit actions to specific connections, models, and records.
Actions performed through the skill may have the same access as the connected Membrane/Slicknode account.
The skill requires delegated authentication through Membrane and will operate with the privileges of the connected account; this is expected for the integration but security-relevant.
This skill uses the Membrane CLI to interact with Slicknode. Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant --clientName=<agentType>`
Use the least-privileged account or connection that can complete the task, review requested access during login, and revoke the connection when it is no longer needed.
The CLI's behavior may change whenever a new version of the npm package is published, and users are trusting the npm package source.
The setup relies on installing the latest global npm CLI package, which is normal for this integration but means the reviewed skill does not pin the exact executable version.
`npm install -g @membranehq/cli@latest`
Install from the official package source, consider pinning a known-good CLI version, and verify the package before use in sensitive environments.
Slicknode request data and responses may pass through Membrane as part of the integration.
API requests and responses are routed through Membrane's proxy, creating a third-party gateway/data-flow boundary that users should be aware of.
send requests directly to the Slicknode API through Membrane's proxy ... injects the correct authentication headers
Avoid sending unnecessary sensitive data, confirm that Membrane is an acceptable intermediary for the workspace, and review provider privacy/security settings.
