Skills
skills/membranedev/application-skills/complianceai/Socket

complianceai

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is mostly coherent for a Membrane-mediated Compliance.ai integration, and the CLI comes from an official npm package rather than an unverifiable binary. However, it routes authentication and data through a third-party intermediary instead of the official Compliance.ai API, understates that intermediary role, contains a false claim about public Compliance.ai docs, and uses an unpinned CLI install. This looks like a legitimate integration with medium security risk, not confirmed malware.

Confidence: 85%Severity: 52%
Audit Metadata
Analyzed At
Apr 22, 2026, 04:24 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcomplianceai%2F@ffa007313cba9fec452c951ab7ff0b1fbf4d62c5