qualys
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill's stated Qualys purpose is plausible, and the install source is same-org and registry-based, but the real trust boundary is Membrane's CLI and backend, not direct Qualys APIs. That third-party mediation of authentication and data access makes the skill riskier than a normal direct integration, though there is no clear evidence of outright malware.
Confidence: 88%Severity: 57%
Audit Metadata