purple-sonar

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s basic function is coherent, and the CLI install path is legitimate, but the actual integration is a Membrane broker for Purple Sonar rather than a direct SonarSource workflow. That intermediary credential/data routing and dynamic action execution make the trust boundary larger than the stated app-specific purpose suggests.

Confidence: 86%
Severity: 58%

Audit Metadata
Analyzed At: Apr 22, 2026, 05:06 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fpurple-sonar%2F@d61007a4f0158fe1f95b4aba8fe90ea2d4a0fff8