rapidapi

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s functionality is plausible, and the CLI appears vendor-associated, but the actual footprint is broader than a plain RapidAPI integration. It requires a separate Membrane account, routes auth and data through Membrane rather than direct RapidAPI endpoints, and uses an unpinned global CLI install. This is a coherent managed-integration design, but the intermediary data flow and credential delegation raise medium security concerns.

Confidence: 84%Severity: 62%
Audit Metadata
Analyzed At
Apr 21, 2026, 09:35 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Frapidapi%2F@b7a9c6ef1fb8bd7f2a46f0e88e945c4a37dc3b88