Skills
skills/membranedev/application-skills/even-financial/Socket

even-financial

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is coherent in purpose and uses an official npm-hosted Membrane CLI, so it does not look overtly malicious. However, it routes authentication and Even Financial API traffic through Membrane as a third-party intermediary, creating meaningful credential-forwarding and data-flow risk that is broader than a direct Even Financial integration.

Confidence: 85%Severity: 56%
Audit Metadata
Analyzed At
Apr 28, 2026, 09:31 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Feven-financial%2F@cffbe71f832c08dd04516994efea8946748075e8
Security Audit — socket — even-financial