newscatcher

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI comes from the official npm registry, but the integration routes credentials and data through Membrane instead of directly to NewsCatcher's official API. That third-party intermediary design and unpinned global CLI install create moderate trust and data-flow risk, though there is no strong evidence of overtly malicious behavior.

Confidence: 85%Severity: 56%
Audit Metadata
Analyzed At
Apr 29, 2026, 05:41 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fnewscatcher%2F@daa5b1e66689727bd51e16a3b4c038d3834d3557
Security Audit — socket — newscatcher