the-graph

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s core functionality is coherent with a Membrane-based integration, and the CLI install path is official npm rather than an unverifiable binary. However, it routes The Graph access and credential handling through Membrane as a third-party intermediary instead of direct official APIs, broadening data exposure and trust requirements; combined with mutable `npx @latest` usage and slightly mismatched purpose wording, this is medium risk rather than benign.

Confidence: 84%Severity: 57%
Audit Metadata
Analyzed At
Apr 22, 2026, 02:44 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fthe-graph%2F@ddc4010bfd15dc06a8d0e051ee862dbd489f1e86