alliancehcm
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: The skill is coherent with its stated purpose and uses an official-looking npm CLI, but it intermediates AllianceHCM authentication and API traffic through Membrane rather than direct official endpoints. That third-party proxy model is disclosed and plausibly intentional, yet it creates meaningful security and privacy risk for sensitive HR/payroll data.
Confidence: 84%
Severity: 56%