skills/membranedev/application-skills/infisical/Socket

infisical

Warn

Audited by Socket on Apr 2, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS. The skill is coherent in function and uses a legitimate same-vendor CLI from npm, so it does not look overtly malicious. However, its actual footprint centers on routing Infisical authentication and secret-bearing API traffic through Membrane as an intermediary, which is a notable data-flow and trust expansion for a secrets-management skill.

Confidence: 84%Severity: 64%

Audit Metadata

Analyzed At

Apr 2, 2026, 06:37 PM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Finfisical%2F@9e66f161d510e591a99cf3ba265db192f8eb87a2