skills/membranedev/application-skills/nextcloud/Socket

nextcloud

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: the skill's stated Nextcloud purpose broadly matches its actions, and the CLI install source is legitimate, but the integration is actually a Membrane-mediated proxy/service rather than direct Nextcloud access. That intermediary credential and data path is a meaningful trust expansion, so this is not malicious on its face but carries medium security risk and weaker data-flow integrity than a direct official integration.

Confidence: 86%Severity: 57%

Audit Metadata

Analyzed At

Apr 29, 2026, 08:44 PM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fnextcloud%2F@6da8dc4465f4f1b881b132e6479f6495a27743cb