Skills
skills/membranedev/application-skills/cirrus-labs/Socket

cirrus-labs

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI install source is a legitimate npm package rather than an unverifiable binary. The main concern is data-flow integrity: Cirrus access and credentials are mediated by Membrane instead of going directly to Cirrus’s official API, creating third-party credential/data forwarding that is documented but broader than a direct service integration.

Confidence: 87%Severity: 53%
Audit Metadata
Analyzed At
Apr 30, 2026, 12:54 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcirrus-labs%2F@93fe5fff1bb204806d4f86ae62861e6ce60c92f6
Security Audit — socket — cirrus-labs