Upbooks
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This UpBooks skill is coherent, but it can use Membrane-authenticated commands, including raw API calls, to change or delete accounting data without clear guardrails in the provided instructions.
Install only if you trust Membrane and intend to let the agent access your UpBooks accounting data. Before any write, update, or delete operation, ask the agent to show the exact action or API request and confirm it explicitly.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could alter or delete accounting records through authenticated UpBooks API calls.
The skill documents an authenticated raw API escape hatch for accounting data, including mutating and deleting methods. The provided instructions do not show explicit confirmation, scope, or rollback requirements before such high-impact operations.
When the available actions don't cover your use case, you can send requests directly to the UpBooks API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).
Use read-only actions where possible, require explicit user confirmation before POST/PUT/PATCH/DELETE operations, and review the exact endpoint, action ID, and JSON input before execution.
The agent may act through a logged-in Membrane connection to the user's UpBooks account.
The skill relies on delegated Membrane/UpBooks authentication. This is expected for an UpBooks integration, but it grants access to sensitive accounting data.
Membrane handles authentication and credentials refresh automatically
Connect only the intended UpBooks account, prefer the minimum available permissions, and revoke the Membrane connection if it is no longer needed.
A future or compromised CLI release could change behavior from what was reviewed here.
The skill asks users to install a global CLI from npm using the moving `latest` tag. This is purpose-aligned, but it means the installed code is not pinned by the skill artifact.
npm install -g @membranehq/cli@latest
Install from a trusted environment, consider pinning a known-good CLI version, and update deliberately rather than automatically.
Accounting-related request data may transit through Membrane while interacting with UpBooks.
Authenticated UpBooks API traffic is routed through Membrane as a gateway. This is disclosed and expected for the integration, but users should understand that requests and responses pass through that service.
you can send requests directly to the UpBooks API through Membrane's proxy... injects the correct authentication headers
Use the integration only if you trust Membrane with this delegated access and avoid sending unnecessary sensitive data in requests.
