Superoffice

Pass

Audited by VirusTotal on Apr 30, 2026.

Overview

Type: OpenClaw Skill
Name: superoffice-integration
Version: 1.0.4

The skill provides a standard integration for the SuperOffice CRM platform using the Membrane CLI. It includes instructions for the AI agent to handle authentication, discover available actions, and execute API requests via the 'membrane' command-line tool (SKILL.md). The behavior is well-documented and aligned with its stated purpose of CRM management, with no evidence of malicious intent, data exfiltration, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent using this skill could make broad changes to SuperOffice business data, including deleting or modifying important records, if it interprets a task too broadly.

Why it was flagged

The skill describes broad business, financial, administrative, and destructive operations but does not specify approval, scoping, rollback, or containment requirements before using them.

Skill content

"Order" ... "Invoice" ... "Payment" ... "User" ... "Role" ... "License" ... "Database" ... "Server" ... "Backup" ... "Restore" ... "Delete" ... "Merge" ... "Import" ... "Export" ... "Use action names and parameters as needed."

Recommendation

Require explicit user confirmation for delete, merge, import/export, order/payment, user/role/license, backup/restore, and other high-impact actions; prefer read-only or narrowly scoped actions by default.

What this means

The connected account’s SuperOffice permissions determine what the agent can read or change.

Why it was flagged

The skill uses delegated Membrane/SuperOffice authentication and automatic credential refresh, which is expected for this integration but grants ongoing account access.

Skill content

"Membrane handles authentication and credentials refresh automatically" and "membrane login --tenant --clientName=<agentType>"

Recommendation

Use the least-privileged SuperOffice/Membrane account available and review the permissions granted during connection.

What this means

The behavior of the installed CLI may change over time, and the reviewed skill does not include the CLI code itself.

Why it was flagged

The setup relies on installing the latest global Membrane CLI package from npm, which is purpose-aligned but not pinned to a reviewed version.

Skill content

"npm install -g @membranehq/cli@latest"

Recommendation

Install the CLI from the documented official source, consider pinning a known version, and review npm/package provenance in managed environments.