Skills
skills/membranedev/application-skills/karbon/Socket

karbon

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is broadly coherent for Karbon management and uses an official-seeming Membrane CLI from npm, so it does not look malicious. However, all authenticated Karbon traffic and credential handling are routed through Membrane as a third-party proxy instead of directly to official Karbon endpoints, which creates meaningful intermediary trust and data-flow risk.

Confidence: 85%Severity: 56%
Audit Metadata
Analyzed At
Apr 28, 2026, 07:40 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fkarbon%2F@4e2e0e8de8f66c7d37ae429dbd98f9ffffaf0726
Security Audit — socket — karbon