railz

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is internally coherent for a Membrane-published Railz integration, and its CLI install path is low-risk official npm distribution. However, its actual data flow routes sensitive Railz accounting access through Membrane’s intermediary proxy and account system instead of Railz’s official direct API, creating a meaningful third-party credential/data exposure that is disproportionate for a plain 'Railz integration' skill.

Confidence: 86%Severity: 64%
Audit Metadata
Analyzed At
Apr 21, 2026, 07:44 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Frailz%2F@be16b6f152afddce1d6ac076d5628e4c0e37793f