Skills
skills/membranedev/application-skills/balena/Socket

balena

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill's capabilities broadly match its Balena integration purpose, and install instructions use an official npm package rather than a hidden payload. However, all Balena access is funneled through Membrane-managed auth and proxy infrastructure, creating a third-party credential and data path that is broader than a direct Balena integration and raises medium security risk.

Confidence: 88%Severity: 58%
Audit Metadata
Analyzed At
Apr 29, 2026, 05:39 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fbalena%2F@3163528d7eb381b28980c49cc17d6a5fb1dd507a