questdb

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s capabilities broadly match its stated QuestDB purpose, and the CLI comes from an official npm package, so this is not overtly malicious. However, all authentication and database interaction are funneled through Membrane as a third-party intermediary, creating medium data-flow and trust risk, especially with an unpinned `@latest` CLI install and indirect access model instead of direct QuestDB APIs.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
Apr 29, 2026, 10:21 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fquestdb%2F@f42a4086551094e6f08da87a368b6dc75451b49d
Security Audit — socket — questdb