Skills
skills/membranedev/application-skills/assetsonar/Socket

assetsonar

Warn

Audited by Socket on Mar 4, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

Benign overall. The skill fragment presents a legitimate AssetSonar integration flow using Membrane’s CLI and proxy mechanism, with credentials managed server-side and no hardcoded secrets or questionable download patterns. Security risk is moderate due to external service interactions but aligns with the intended supply-chain integration pattern.

Confidence: 75%Severity: 75%
Audit Metadata
Analyzed At
Mar 4, 2026, 08:58 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fassetsonar%2F@9260758852ae78b214057178627b85d3d2c10488