rapidapi

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is broadly coherent for RapidAPI access, and the CLI comes from an official npm package, but the actual integration is mediated by Membrane rather than direct RapidAPI APIs. That creates a meaningful third-party trust and data-routing concern, amplified by mutable `@latest`/`npx` execution and server-side credential handling.

Confidence: 85%Severity: 56%
Audit Metadata
Analyzed At
Apr 29, 2026, 06:39 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Frapidapi%2F@1ec13f602eadb8d8d142e80dfbf04ccf73fe9408
Security Audit — socket — rapidapi