Skills
skills/membranedev/application-skills/cardinal/Socket

cardinal

Warn

Audited by Socket on Mar 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is broadly aligned with a Cardinal integration and uses an official npm-distributed Membrane CLI, so it does not show clear malware behavior. However, it routes all Cardinal access through Membrane as an intermediary and grants broad proxy-based API access, which expands data exposure beyond a direct first-party integration and makes the footprint somewhat disproportionate to a simple app skill.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
Mar 17, 2026, 06:07 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcardinal%2F@c56c1c15cefc4cad24a735204b7a69c67207a3fc