Skills
skills/membranedev/application-skills/docusign/Socket

docusign

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s capabilities broadly match its DocuSign automation purpose, and the CLI install path appears legitimate. The main concern is architectural: it routes authentication and DocuSign operations through Membrane as an intermediary, which is proportionate to the product but increases trust and data-flow risk versus direct DocuSign API use; combined with unpinned global CLI install and high-impact actions, this makes the skill medium risk rather than benign.

Confidence: 84%Severity: 52%
Audit Metadata
Analyzed At
Apr 30, 2026, 09:57 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fdocusign%2F@01a22705cfd48d99a47c184151e1c414767d2fa4
Security Audit — socket — docusign