Zenefits

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Zenefits integration, but it involves sensitive HR/payroll data, OAuth-style account access, and a globally installed third-party CLI.

Install this only if you trust Membrane and need Zenefits access. Use a least-privileged account, confirm any write/payroll/benefits changes before execution, avoid pulling bank or salary data unless necessary, and revoke the connection when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing a global CLI gives that package local execution ability in the user's environment.

Why it was flagged

The skill asks the user to install a global npm CLI at the latest version. This is disclosed and central to the Membrane-based workflow, but it is still an external, unpinned dependency.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install only from a trusted npm source, consider pinning a known-good version, and confirm that you trust the Membrane CLI before use.

What this means

The connected account may allow access to sensitive employee, payroll, and benefits data according to that account's Zenefits permissions.

Why it was flagged

The skill relies on delegated Membrane/Zenefits authentication with automatic credential refresh. That is expected for a Zenefits integration, but it grants ongoing account access.

Skill content

This skill uses the Membrane CLI to interact with Zenefits. Membrane handles authentication and credentials refresh automatically

Recommendation

Use a least-privileged Zenefits/Membrane account, verify OAuth or connector scopes, and revoke the connection when the integration is no longer needed.

What this means

Sensitive employee financial and HR data could be exposed in prompts, chat history, generated files, or shared responses if the user asks for it.

Why it was flagged

The documented actions can return salary, employment, and direct-deposit bank account information, which may enter the agent conversation or downstream outputs.

Skill content

List Employments ... salary, hire date, and employment details ... List Employee Bank Accounts ... employee bank accounts for direct deposit

Recommendation

Request only the minimum HR/payroll data needed, avoid unnecessary bank-account or salary queries, and treat outputs as confidential.

What this means

If used carelessly, actions involving payroll, benefits, tasks, or employee records could affect business-critical HR data.

Why it was flagged

The skill enables action discovery against a live Zenefits connection for broad HR and payroll-related operations. This is purpose-aligned, but the domain is high-impact.

Skill content

Manage Persons, Organizations, Benefits, Payrolls, Tasks ... membrane action list --connectionId=CONNECTION_ID --intent "QUERY"

Recommendation

Have the agent ask for explicit confirmation before any create, update, delete, payroll, benefits, or employee-record mutation.