Slope
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent Slope/Membrane integration, but it gives the agent broad authenticated API access, including write and delete methods, without clear scoping or confirmation guidance.
Install only if you are comfortable with Membrane mediating access to your Slope account. Use a limited account if possible, review every write/delete or raw proxy request before execution, and consider pinning the Membrane CLI version.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make broad authenticated changes to Slope records if it chooses an unsafe action or endpoint.
The skill exposes a raw authenticated API escape hatch, including write and delete methods, for a business data platform without visible instructions to require confirmation or constrain which endpoints/actions are safe.
“you can send requests directly to the Slope API through Membrane's proxy” ... “HTTP method (GET, POST, PUT, PATCH, DELETE)”
Use this only with explicit user approval for POST, PUT, PATCH, DELETE, or raw proxy calls; prefer scoped/read-only actions where possible and review the exact endpoint and payload before running.

The connected Membrane/Slope account may be used for future authenticated actions until access is revoked or the connection is removed.
The skill requires delegated authentication through Membrane and can maintain refreshed credentials, which is expected for the integration but grants account-level authority to the connected service.
“membrane login --tenant --clientName=<agentType>” and “Membrane handles authentication and credentials refresh automatically”
Connect only the intended Slope account, prefer least-privilege access if available, and revoke the Membrane connection when it is no longer needed.

A changed or compromised upstream CLI release could alter what is run locally.
The install/run instructions use the latest npm package rather than a pinned, reviewed version; this is common for CLI integrations but means future package changes affect behavior.
“npm install -g @membranehq/cli@latest” and “npx @membranehq/cli@latest action list”
Install the CLI from the official package source, consider pinning a known-good version, and avoid running it in highly sensitive environments without review.

Slope request data and responses may pass through Membrane while the integration is used.
Authenticated Slope API traffic is routed through Membrane as an external gateway; this is disclosed and central to the skill, but users should understand the data boundary.
“send requests directly to the Slope API through Membrane's proxy” and “injects the correct authentication headers”
Confirm that Membrane is an acceptable intermediary for the Slope data involved, and avoid sending unnecessary sensitive data through proxy calls.
