librato

Warn

Audited by Socket on May 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose is plausible, and the install path appears to use Membrane’s official npm-distributed CLI, but the actual integration is not direct Librato access. Authentication, connections, and actions are all routed through Membrane as an intermediary, which is a meaningful trust and data-flow expansion beyond a straightforward service-specific skill. This is not confirmed malware, but it carries medium risk due to third-party mediation and mutable CLI installs.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
May 2, 2026, 08:49 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Flibrato%2F@a9184b096cd4f534986583130eb8109be0c746b2
Security Audit — socket — librato