Swagup
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a plausible SwagUp integration, but it gives an agent broad authenticated Membrane/API powers, including write and delete requests, without clear guardrails.
Install only if you trust Membrane and intend to give it access to your SwagUp account. Before allowing the agent to make changes, ask it to show the exact action, endpoint, method, and request body, and require explicit approval for any create, update, or delete operation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or hijacked instruction could cause the agent to create, change, or delete SwagUp business data such as orders, shipments, products, or account-related records.
The skill exposes a broad, authenticated raw API escape hatch, including mutating and deleting methods, with no visible instructions to require user confirmation, limit endpoints, or prefer safer scoped actions for high-impact changes.
When the available actions don't cover your use case, you can send requests directly to the SwagUp API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user approval for all POST, PUT, PATCH, and DELETE requests, use least-privilege SwagUp/Membrane access, and prefer specific listed actions over raw proxy calls.
The agent may be able to act with the connected SwagUp account's permissions.
The skill requires delegated Membrane/SwagUp authentication and persistent credential refresh. This is expected for the integration, but users should understand the account authority being granted.
Membrane handles authentication and credentials refresh automatically... membrane login --tenant --clientName=<agentType>
Connect only the intended account, review granted permissions, and revoke the Membrane/SwagUp connection when no longer needed.
Future CLI versions could behave differently from the reviewed instructions.
The setup installs an npm package globally at the unpinned latest tag. This is disclosed and central to the skill, but the exact code may change over time.
npm install -g @membranehq/cli@latest
Install from the official package source, consider pinning a reviewed CLI version, and avoid running the setup with unnecessary system privileges.
SwagUp request data and account access are mediated by Membrane rather than going directly from the user to SwagUp.
SwagUp API traffic and authentication handling pass through Membrane as a gateway. This is disclosed and purpose-aligned, but it is still a sensitive data boundary.
send requests directly to the SwagUp API through Membrane's proxy. Membrane automatically appends the base URL... and injects the correct authentication headers
Review Membrane's security and privacy posture, and avoid sending unnecessary sensitive data through proxy requests.
Users may overestimate or misunderstand the specific data scope before connecting an account.
The description names CRM-style objects while the overview describes SwagUp swag, shipment, order, product, and warehouse objects. This mismatch could confuse users about what data the skill can affect.
description: SwagUp integration. Manage Persons, Organizations, Deals, Leads, Projects, Activities and more... SwagUp is a platform for creating, storing, and distributing branded swag.
Inspect the action list and confirm the target SwagUp object before allowing any write or delete action.
