Skills
skills/membranedev/application-skills/cross-river/Socket

cross-river

Warn

Audited by Socket on May 1, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is internally consistent as a Membrane-based Cross River integration and uses an official npm-distributed CLI from the same publisher, so this is not confirmed malware. However, it routes authentication, credential management, and API access through Membrane rather than directly to Cross River, creating meaningful third-party data and credential handling risk; the mutable `@latest` install adds minor supply-chain risk.

Confidence: 89%Severity: 58%
Audit Metadata
Analyzed At
May 1, 2026, 01:17 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcross-river%2F@322a59565f308469449d2e2ae20ecb9a4f17329a
Security Audit — socket — cross-river