mode
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses an official npm-published CLI from the same vendor, so it does not look overtly malicious. However, it requires a Membrane account and routes authentication, credential refresh, and API traffic through Membrane rather than directly to Mode, creating a meaningful third-party credential/data intermediary risk that is broader than a direct Mode integration.
Confidence: 86%Severity: 61%
Audit Metadata