skills/membranedev/application-skills/signicat/Socket

signicat

Warn

Audited by Socket on Apr 23, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: the skill’s stated Signicat purpose is plausible, and the CLI install source appears vendor-consistent, but the actual data flow routes Signicat authentication and API traffic through Membrane as an intermediary. That third-party credential and data mediation is disproportionate to a direct Signicat integration and creates meaningful trust and data-flow risk.

Confidence: 84%Severity: 68%

Audit Metadata

Analyzed At

Apr 23, 2026, 05:58 PM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fsignicat%2F@a28e7a7af1ca368a58832bcb31a7d5cc7a03a14e