homerun

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is internally coherent as a Membrane-published Homerun integration and uses an official npm-distributed CLI, so it is not confirmed malware. However, it materially expands trust by routing authentication, credentials, and Homerun API activity through Membrane infrastructure rather than directly to Homerun, making it higher risk than a direct official API skill.

Confidence: 88%Severity: 56%
Audit Metadata
Analyzed At
Apr 29, 2026, 01:01 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fhomerun%2F@2e4a267841bf641d5c74286bd824a78f6b2a3a7f
Security Audit — socket — homerun