Skills
skills/membranedev/application-skills/announcekit/Socket

announcekit

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s stated purpose matches its AnnounceKit management capabilities, and the npm-distributed CLI appears to be an official Membrane tool rather than a random payload. However, all authentication and API access are funneled through Membrane instead of AnnounceKit’s official endpoints, expanding trust and data exposure to an intermediary service. This is disclosed and somewhat proportionate, so it is not malicious, but the third-party mediation and unpinned CLI dependency make it medium risk.

Confidence: 86%Severity: 54%
Audit Metadata
Analyzed At
Apr 29, 2026, 08:42 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fannouncekit%2F@7a5bae1f4270b84974b3ac68da3edddffc6dcdd5
Security Audit — socket — announcekit