librato
Warn
Audited by Socket on May 2, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s purpose is plausible, and the install path appears to use Membrane’s official npm-distributed CLI, but the actual integration is not direct Librato access. Authentication, connections, and actions are all routed through Membrane as an intermediary, which is a meaningful trust and data-flow expansion beyond a straightforward service-specific skill. This is not confirmed malware, but it carries medium risk due to third-party mediation and mutable CLI installs.
Confidence: 84%Severity: 56%
Audit Metadata