v1.0.4

Ticket Tailor

Verdict: Suspicious
ClawScan verdict for this skill. Analyzed Apr 30, 2026, 4:07 PM.

Analysis

This Ticket Tailor skill matches its integration purpose, but it asks the agent to install and run an unpinned external CLI and gives broad authenticated ability to modify Ticket Tailor data through Membrane.

Guidance: Install this only if you trust Membrane and the npm-distributed CLI. Pin and verify the CLI version if possible, use the least-privileged Ticket Tailor connection, confirm any create/update/delete action before it runs, and revoke the Membrane connection when the work is finished.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low. Confidence: Medium. Status: Note.
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill allows external connection state returned by Membrane to include instructions for the agent. This can be useful for setup, but those instructions should not override the user's original Ticket Tailor task.

User impact: During setup, the agent may receive additional instructions from the Membrane connection flow.
Recommendation: Treat returned agent instructions as limited setup hints and confirm any action that changes Ticket Tailor data or account settings.
Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
`membrane request CONNECTION_ID /path/to/endpoint` ... `--method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

The skill exposes a broad authenticated proxy to the Ticket Tailor API, including methods that create, modify, or delete data, with no user-approval step and no rule scoping requests to the record the user asked about.

User impact: A mistaken or overly broad agent request could alter or delete Ticket Tailor events, orders, check-in lists, or other account data.
Recommendation: Require explicit confirmation before running mutating requests (POST, PUT, PATCH, or DELETE), and limit every request to the specific event or record the user asked for.
Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
npm install -g @membranehq/cli@latest

The skill's instructions install an npm package globally at the floating `@latest` tag, even though its declared install spec says there is no install mechanism.

User impact: Whatever version of the CLI npm serves at install time is what runs, so the skill's behavior can change between installs with no change to the skill itself, and a global install changes the local environment beyond this single task.
Recommendation: Pin the CLI to an exact version, verify the package source, and prefer a declared install spec or an isolated execution environment.
Unexpected Code Execution
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
npx @membranehq/cli@latest action list --intent=QUERY --connectionId=CONNECTION_ID --json

Although the registry describes this as instruction-only with no code files, the runtime instructions execute externally downloaded CLI code via npx.

User impact: Installing or running the skill may execute code that is not included in the submitted artifact bundle.
Recommendation: Avoid running @latest directly; use a pinned, reviewed CLI version and make the external execution requirement explicit before installation.
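The two findings above (the global `npm install -g @membranehq/cli@latest` and the `npx @membranehq/cli@latest` invocation) reduce to one static check: does any npm package spec in SKILL.md resolve to whatever version is current at run time rather than to a pinned version? The POSIX shell script below is an added example for this page, not ClawScan or skill code, and runs that check over a SKILL.md-style text file. The sample file it writes is constructed here to mirror the quoted lines; the pinned version `0.0.0` and the package name `some-helper-tool` in it are placeholders, not real releases.

```shell
#!/bin/sh
# Added example (not ClawScan or skill code): flag npm/npx package specs in a
# SKILL.md that are resolved at install time instead of pinned to a version.

# Writes a constructed SKILL.md-like file to $1 (sample input, not the real skill).
write_sample_skill() {
    cat > "$1" <<'EOF'
# Ticket Tailor skill (constructed sample)
Install the CLI globally:
    npm install -g @membranehq/cli@latest
Or run it without installing:
    npx @membranehq/cli@latest action list --intent=QUERY --connectionId=CONNECTION_ID --json
A pinned form (0.0.0 is a placeholder version):
    npm install @membranehq/cli@0.0.0
A bare spec with no version at all:
    npm install some-helper-tool
EOF
}

# Prints "file:line: spec: reason" for each unpinned spec in $1.
# Exit status 1 if anything was flagged, 0 if every spec is pinned.
unpinned_npm_specs() {
    awk '
    /(npm[ \t]+(install|i|add)|npx)[ \t]/ {
        gsub(/`/, "")                       # strip markdown backticks
        start = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "npx" || (i > 1 && $(i-1) == "npm" &&
                ($i == "install" || $i == "i" || $i == "add"))) { start = i + 1; break }
        }
        if (start == 0) next
        spec = ""
        for (i = start; i <= NF; i++) {     # first non-flag token is the package spec
            if ($i ~ /^-/) continue
            spec = $i
            break
        }
        if (spec == "") next
        rest = spec
        if (rest ~ /^@/) rest = substr(rest, 2)   # skip the "@" of a scoped name
        n = index(rest, "@")
        ver = (n > 0) ? substr(rest, n + 1) : ""
        if (ver == "")             reason = "no version, resolves to latest"
        else if (ver ~ /^[0-9]/)   reason = ""            # exact version: fine
        else if (ver ~ /^[~^*xX]/) reason = "version range " ver
        else                       reason = "dist-tag " ver " resolves at install time"
        if (reason == "") next
        extra = ($0 ~ /(^|[ \t])(-g|--global)([ \t]|$)/) ? " (global install)" : ""
        printf "%s:%d: %s: %s%s\n", FILENAME, NR, spec, reason, extra
        hits++
    }
    END { exit (hits > 0) }' "$1"
}

# Usage: scan_skill path/to/SKILL.md
scan_skill() {
    if unpinned_npm_specs "$1"; then
        echo "ok: every npm spec in $1 is pinned to an exact version"
    else
        echo "review: unpinned specs found in $1 (listed above); pin them before installing" >&2
        return 1
    fi
}
```

Run `scan_skill SKILL.md` before installing: a non-zero exit means at least one spec (a `@latest` dist-tag, a `^`/`~` range, or no version at all) would be resolved by the registry at install time. The scanner is deliberately simple and may flag prose that merely mentions `npm install`; treat its output as a review list, not a verdict.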
Cascading Failures
Severity: Medium. Confidence: Medium. Status: Concern.
SKILL.md
Manage data, records, and automate workflows ... HTTP method (GET, POST, PUT, PATCH, DELETE)

The skill is designed to automate Ticket Tailor data workflows and permits mutating API methods, but the artifacts do not describe safeguards against broad or accidental changes.

User impact: One incorrect automated action could affect live event, ticketing, order, or check-in data in the connected Ticket Tailor account.
Recommendation: Use narrow record identifiers, preview changes where possible, and require user confirmation before bulk or destructive operations.
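The Tool Misuse and Cascading Failures findings both ask for the same two controls around `membrane request CONNECTION_ID /path --method M`: confine requests to the record the user asked about, and never send a mutating method unattended. The POSIX shell wrapper below is an added example for this page, not Membrane, ClawScan, or skill code. It assumes only the `--method` flag quoted from SKILL.md and passes any other CLI arguments through unchanged; the Ticket Tailor paths, the `EVENT_ID` placeholder, and the variable names `MEMBRANE_ALLOWED_PREFIX`, `MEMBRANE_CONFIRM` and `MEMBRANE_BIN` are choices made for this example, not anything the page or the CLI defines.

```shell
#!/bin/sh
# Added example (not ClawScan, Membrane, or skill code): a gate in front of
# `membrane request CONNECTION_ID /path --method M` that only forwards read
# requests inside an allowed path prefix unattended, and refuses mutating
# methods unless the user has explicitly confirmed them.
#
# Assumptions (not taken from the page): the Ticket Tailor paths used here
# are illustrative; MEMBRANE_ALLOWED_PREFIX, MEMBRANE_CONFIRM and MEMBRANE_BIN
# are names chosen for this example.

# Policy check. Exit status: 0 allow, 1 deny, 2 mutating request that needs
# explicit confirmation before it is sent.
membrane_policy_check() {
    method=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    path=$2
    prefix=${MEMBRANE_ALLOWED_PREFIX:-/v1/events/EVENT_ID}   # narrow scope: one event's tree
    case "$path" in
        "$prefix" | "$prefix"/* | "$prefix"'?'*) ;;          # inside the allowed tree
        *) return 1 ;;
    esac
    case "$path" in
        *..* | *//*) return 1 ;;                               # no traversal or odd paths
    esac
    case "$method" in
        GET | HEAD)                  return 0 ;;
        POST | PUT | PATCH | DELETE) return 2 ;;
        *)                           return 1 ;;               # unknown verb: refuse
    esac
}

# Wrapper: safe_membrane_request CONNECTION_ID PATH [--method M] [other CLI args...]
# Only --method is interpreted (the flag shown in SKILL.md); everything else
# is passed through unchanged. Without --method the request is sent as GET.
safe_membrane_request() {
    conn=$1; path=$2; shift 2
    method=GET; seen=0; prev=""
    for a in "$@"; do
        case "$a" in
            --method=*) method=${a#--method=}; seen=1 ;;
            *) if [ "$prev" = "--method" ]; then method=$a; seen=1; fi ;;
        esac
        prev=$a
    done
    [ "$seen" -eq 1 ] || set -- "$@" --method GET

    rc=0
    membrane_policy_check "$method" "$path" || rc=$?
    case "$rc" in
        0) ;;
        2) if [ "${MEMBRANE_CONFIRM:-}" != "yes" ]; then
               echo "refusing $method $path: mutating request; review it, then rerun with MEMBRANE_CONFIRM=yes" >&2
               return 2
           fi ;;
        *) echo "refusing $method $path: outside allowed scope ${MEMBRANE_ALLOWED_PREFIX:-/v1/events/EVENT_ID}" >&2
           return 1 ;;
    esac
    "${MEMBRANE_BIN:-membrane}" request "$conn" "$path" "$@"
}
```

Point the agent at `safe_membrane_request` instead of `membrane request`, set `MEMBRANE_ALLOWED_PREFIX` to the one event or record the task is about, and leave `MEMBRANE_CONFIRM` unset: reads go through, anything outside the prefix fails with status 1, and a POST, PUT, PATCH or DELETE stops with status 2 until a human sets `MEMBRANE_CONFIRM=yes` for that one call. `MEMBRANE_BIN` exists so the wrapper can be exercised against a stand-in (for example `echo`) without a real Membrane connection.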
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
Membrane handles authentication and credentials refresh automatically ... injects the correct authentication headers

The skill delegates Ticket Tailor authentication to Membrane and uses refreshed credentials for authenticated requests. The artifacts do not clearly define the permission scope or how to constrain that authority.

User impact: Authorizing the skill gives the agent a standing ability, through Membrane's automatically refreshed credentials, to act on the connected Ticket Tailor account until the connection is revoked.
Recommendation: Use the least-privileged Ticket Tailor/Membrane connection available, review the permissions it grants, and revoke the connection as soon as it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers

Membrane acts as a proxy/gateway for authenticated Ticket Tailor API traffic. This is aligned with the skill purpose, but it means requests, responses, and credential use are mediated by a third-party service.

User impact: Ticket Tailor data handled by the agent may pass through Membrane as part of normal operation.
Recommendation: Use this skill only if you are comfortable with Membrane mediating the integration, and avoid sending unnecessary sensitive data in request bodies or prompts.