quickmailio

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is purpose-aligned and uses an official-looking npm CLI, but it routes authentication and API traffic through Membrane instead of directly to QuickMail.io. That intermediary data flow and unpinned CLI execution create medium security risk, though there is not enough evidence to call it malicious.

Confidence: 88%Severity: 56%
Audit Metadata
Analyzed At
Apr 29, 2026, 08:44 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fquickmailio%2F@6ccef237b8a1bf941ac7399e2ba2229168a76c70
Security Audit — socket — quickmailio