jelastic
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is internally coherent as a Membrane-powered Jelastic integration and uses an official npm-distributed CLI, so it is not outright malicious. The main concern is data-flow and trust expansion: Jelastic access is routed through Membrane’s intermediary platform/CLI rather than direct Jelastic APIs, combined with an unpinned `@latest` install and dynamic action creation. This is a moderate security risk but not confirmed malware.
Confidence: 83%Severity: 54%
Audit Metadata