four-js-development-tools

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's stated purpose broadly matches its behavior, and the install path uses an official npm package rather than an unverifiable binary. However, it requires users to trust Membrane as a credentialed intermediary for Four J's access, routes requests through Membrane's proxy instead of direct official endpoints, and uses unpinned latest CLI execution. This is not confirmed malicious, but it carries medium security risk due to third-party credential/data mediation and supply-chain hygiene.

Confidence: 85%Severity: 57%
Audit Metadata
Analyzed At
Apr 29, 2026, 10:12 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Ffour-js-development-tools%2F@c482921fbd34d331b313b60624f0d7e87d4974c3
Security Audit — socket — four-js-development-tools