Srxp
Review
Audited by ClawScan on May 10, 2026.
Overview
This SRXP finance-data skill is purpose-aligned, but it gives the agent broad authenticated API access, including direct write/delete-style requests, without clear safety limits.
Install only if you trust Membrane and intend to let the agent work with SRXP finance data. Use a least-privilege SRXP account, review any write/delete or bulk action before it runs, and prefer discovered scoped actions over raw proxy requests.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Raw API escape hatch with mutation and deletion methods
Impact: The agent could make broad authenticated changes to expense, budget, or user records if it chooses the wrong action or endpoint.
Detail: The skill exposes a raw API escape hatch with mutation and deletion methods for a spend-management system, without clear guardrails in the provided artifact.
Evidence (quoted from the skill artifact): When the available actions don't cover your use case, you can send requests directly to the SRXP API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Recommendation: Require explicit user confirmation for POST, PUT, PATCH, DELETE, bulk operations, approvals, user changes, and financial-record changes; prefer scoped Membrane actions over raw proxy requests.
Finding 2: Delegated credentials with no defined scope or least-privilege guidance
Impact: A highly privileged SRXP login could let the agent access or modify sensitive company spending data beyond the user's intended task.
Detail: The skill uses delegated SRXP credentials and automatically applies them to direct API requests, but the provided instructions do not define account scope, least privilege, or action limits.
Evidence (quoted from the skill artifact): Membrane handles authentication and credentials refresh automatically... Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers.
Recommendation: Connect with the least-privileged SRXP account possible, review requested actions before execution, and document which SRXP scopes or roles are safe for this skill.
Finding 3: Unpinned global CLI install from npm
Impact: The installed CLI version may change over time, so behavior could differ from what was reviewed here.
Detail: The skill asks the user to install a global CLI from npm using the latest version; this is central to the integration but is not pinned in the artifact.
Evidence (quoted from the skill artifact): npm install -g @membranehq/cli@latest
Recommendation: Install the CLI from the official Membrane source, consider pinning a known-good version, and review npm package provenance before use.
Finding 4: Third-party data path through the Membrane gateway
Impact: Expense-management data and authentication flows may pass through Membrane infrastructure as part of normal operation.
Detail: SRXP API traffic and credential handling are routed through Membrane as an integration gateway, which is expected for this skill but creates a sensitive third-party data path.
Evidence (quoted from the skill artifact): you can send requests directly to the SRXP API through Membrane's proxy... injects the correct authentication headers
Recommendation: Use this only if you trust Membrane for SRXP integration, and avoid sending unnecessary sensitive records through proxy requests.
