Square
Security checks across malware telemetry and agentic risk
Overview
This Square integration is broadly purpose-aligned, but it asks for credentialed access to high-impact payment/business data through an unscoped CLI workflow, so it should be reviewed carefully before use.
Before installing, confirm that you trust Membrane and the npm CLI package, review the Square permissions requested during login, and require explicit confirmation for any payment, refund, customer, bank-account, or other business-data changes.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: The agent could perform sensitive Square actions, such as changing business data or initiating payment-related workflows, without the skill itself requiring an explicit confirmation step.
Analysis: The skill gives the agent broad discretion to invoke actions and choose parameters, but it defines no approval requirements or limits for high-impact Square operations.
Evidence (SKILL.md): "Use action names and parameters as needed."
Recommendation: Only use this skill for clearly requested Square tasks, and require user confirmation before creating, updating, deleting, refunding, charging, or otherwise mutating financial or business records.

Risk: Granting access could allow the connected agent workflow to operate on sensitive Square account data beyond the specific task the user had in mind.
Analysis: The skill relies on delegated authenticated access and automatic credential refresh, but it does not state the Square OAuth scopes it needs, the permission limits that apply, or how to revoke access.
Evidence (SKILL.md): "Membrane handles authentication and credentials refresh automatically"
Recommendation: Use the least-privileged Square/Membrane connection available, review the requested scopes during authentication, and revoke the connection when it is no longer needed.

Risk: The skill's behavior depends on whichever npm package version is current at setup time, which may differ from the version the skill author tested.
Analysis: The skill instructs the user to install a global npm CLI at its latest version rather than a pinned one. This is consistent with the stated Membrane integration, but the CLI's code lies outside the instruction-only skill artifact that this review covers.
Evidence (install spec): "npm install -g @membranehq/cli@latest"
Recommendation: Install the CLI only from the official package source, consider pinning a known version, and follow standard security practices for globally installed npm CLIs.

Risk: Square account data and authentication state may pass through the Membrane service as part of the integration workflow.
Analysis: Square interactions are mediated by Membrane rather than by reviewed local code in the skill. This is disclosed and purpose-aligned, but it is an external data and credential boundary that users should be aware of.
Evidence (SKILL.md): "This skill uses the Membrane CLI to interact with Square."
Recommendation: Review Membrane's access, privacy, and connection-management settings before using the skill with sensitive Square accounts.

Risk: A user who relies only on the short description may underestimate the breadth of Square access involved.
Analysis: The stated scope does not match the later, much broader Square overview, which covers many sensitive payment and business resources. The skill's actual intended authority is therefore ambiguous.
Evidence (stated scope): "Manage Organizations, Users, Goals, Filters"
Recommendation: The skill should state exactly which Square resources and action types it may use, especially for payment, refund, customer, card, and bank-account operations.
