Skills
skills/membranedev/application-skills/snyk/Socket

snyk

Warn

Audited by Socket on Mar 27, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is internally coherent as a Membrane-based Snyk connector, and the CLI install path is from an official npm package, so this is not confirmed malware. However, the skill’s real footprint routes Snyk authentication and API traffic through Membrane rather than directly to official Snyk endpoints, creating a third-party credential/data mediation risk that is significant for an AI-agent skill.

Confidence: 86%Severity: 62%
Audit Metadata
Analyzed At
Mar 27, 2026, 08:32 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fsnyk%2F@59a1066bc8621e9aca1715bed512fd63cbc6478a