Skills
skills/membranedev/application-skills/connectwise-psa/Socket

connectwise-psa

Warn

Audited by Socket on May 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is broadly aligned with its stated ConnectWise PSA integration purpose and uses an official npm package, but it routes authentication and API traffic through Membrane rather than directly to ConnectWise. That third-party mediation is disclosed and plausible, yet it increases trust and data-handling risk, especially with an unpinned CLI and proxy-based access to business records.

Confidence: 88%Severity: 56%
Audit Metadata
Analyzed At
May 2, 2026, 12:03 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fconnectwise-psa%2F@099dc6f628d6fb999c69583044979c51e72ae724
Security Audit — socket — connectwise-psa