Skills
skills/membranedev/application-skills/ifood/Socket

ifood

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is not overtly malicious and uses a legitimate npm-distributed CLI, but it routes iFood authentication and data operations through Membrane instead of official iFood APIs. That third-party intermediary model, plus unpinned global CLI install and credential/data handling outside the official service path, creates medium security risk and weak data-flow integrity for a narrowly described iFood integration skill.

Confidence: 84%Severity: 64%
Audit Metadata
Analyzed At
Apr 21, 2026, 11:43 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fifood%2F@2a92deb12f36a433b62825c1aa0fb7a788492395