Skills
skills/membranedev/application-skills/grafbase/Socket

grafbase

Warn

Audited by Socket on May 5, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is coherent in purpose and uses an official npm-published Membrane CLI, so it is not malware-like. However, it introduces a third-party mediation layer for Grafbase auth and data flow, plus an unpinned CLI install, making the trust model noticeably broader than a direct Grafbase integration.

Confidence: 89%Severity: 59%
Audit Metadata
Analyzed At
May 5, 2026, 05:20 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fgrafbase%2F@ddb1ffacd48bd0a8de983004a91a351053944aeb
Security Audit — socket — grafbase