skills/membranedev/application-skills/geckoboard/Socket

geckoboard

Warn

Audited by Socket on Apr 23, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: The skill is mostly coherent with its Geckoboard-management purpose and uses an official npm package, but it routes authentication and API activity through Membrane rather than directly to Geckoboard. That intermediary trust model and unpinned global CLI install raise moderate security risk, though there is not enough evidence to call it malicious.

Confidence: 83%Severity: 56%

Audit Metadata

Analyzed At

Apr 23, 2026, 02:43 AM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fgeckoboard%2F@061ba770579bb110e8468361d411f4a130ee942d