panzura

Warn

Audited by Socket on May 3, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is purpose-aligned and uses an official npm-distributed CLI from the same publisher, so it does not look overtly malicious. However, it introduces a third-party control plane (Membrane) between the agent and Panzura, forwards authentication and data through that intermediary, uses unpinned CLI execution, and enables broad remote actions and workflow automation beyond simple read-only access.

Confidence: 85%Severity: 58%
Audit Metadata
Analyzed At
May 3, 2026, 05:35 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fpanzura%2F@8cced7283fa5273ff09d56cf02da7115aec1cdb7
Security Audit — socket — panzura