Skills
skills/membranedev/application-skills/circleci/Socket

circleci

Warn

Audited by Socket on Mar 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's general purpose matches CircleCI management, and the CLI install source appears official. However, it routes authentication and API traffic through Membrane rather than directly to CircleCI, creating a disproportionate trust dependency and third-party visibility into sensitive CI/CD operations. This is not confirmed malware, but it carries meaningful security and credential-handling risk.

Confidence: 88%Severity: 62%
Audit Metadata
Analyzed At
Mar 15, 2026, 09:55 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcircleci%2F@f8c7ea35eff4a9f0e6c5800ff6b72c4ba23a227b