rock-rms

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s capabilities broadly match its stated Rock RMS integration purpose, and the CLI install source is a normal npm package rather than an unverifiable binary. The main concern is data-flow integrity: Rock RMS authentication and API traffic are routed through Membrane as a managed intermediary, which is documented and intentional but introduces third-party credential/data handling that is broader than a direct Rock RMS integration.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
Apr 22, 2026, 08:51 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Frock-rms%2F@8ddd83ee465d05094943d29a8c09d4ab6204bf90