Skills
skills/membranedev/application-skills/serveravatar/Socket

serveravatar

Warn

Audited by Socket on Apr 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI install source appears legitimate via npm. However, the integration routes authentication and API traffic through Membrane as an intermediary, including arbitrary proxied requests, so data-flow trust is weaker than a direct ServerAvatar integration and warrants medium risk.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
Apr 2, 2026, 05:36 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fserveravatar%2F@6181c9f79014cd5277306ebd26bc840ee624f43a