Skills
skills/membranedev/application-skills/bright-security/Socket

bright-security

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is internally coherent as a Membrane-based Bright Security integration, and its CLI comes from an official registry with same-vendor provenance. However, it routes Bright authentication and API traffic through Membrane rather than directly to Bright, creating a meaningful third-party credential and data intermediary risk. This is not confirmed malware, but it is a medium-risk integration due to credential forwarding, proxying, and unpinned CLI installation.

Confidence: 84%Severity: 53%
Audit Metadata
Analyzed At
Apr 30, 2026, 09:14 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fbright-security%2F@bec7cd17e9af60bf961be0e02045dd72fa819007
Security Audit — socket — bright-security