unbox

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill's core purpose is mostly aligned with its capabilities, and the install path uses an official npm package from the apparent publisher. However, all authenticated Unbox access is mediated through Membrane rather than direct official API endpoints, creating a third-party data and credential trust boundary, and the unrelated ARKit docs link signals documentation inconsistency.

Confidence: 87%
Severity: 58%
Audit Metadata

Analyzed At: Apr 21, 2026, 11:47 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Funbox%2F@3661202a4427938638a453a61cc53cdcadc659b9