skills/membranedev/application-skills/cdata-software/Socket

cdata-software

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: the skill is not overtly malicious and uses an official npm-distributed CLI, but its actual footprint centers on routing CData access through Membrane as a third-party intermediary. That creates medium risk from data-flow indirection and unpinned CLI supply chain, even though credential handling is relatively restrained and no direct exfiltration pattern is shown.

Confidence: 86%Severity: 56%

Audit Metadata

Analyzed At

Apr 30, 2026, 09:26 PM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcdata-software%2F@6ad910bb23b4d26e6deded0703186a5a0eb54039