Skills
skills/membranedev/application-skills/localstack/Socket

localstack

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill's purpose broadly matches LocalStack management, and installation uses an official npm package, so this is not clearly malicious. However, it requires a Membrane account and routes LocalStack access through Membrane as an intermediary, which is a notable data-flow and credential-delegation expansion for a tool described as interacting with LocalStack data.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
Apr 22, 2026, 07:15 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Flocalstack%2F@d3ef9c20c283d9dfb09c9f1921a644ee9b811d81