sidekick-ai

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s functionality mostly matches its stated purpose, and the CLI comes from the official npm registry rather than an unverifiable binary. However, all Sidekick access and credential handling are mediated by Membrane, a third-party integration layer, and the skill encourages broad proxy access plus unpinned CLI execution. This is more a trust-boundary and credential-forwarding risk than confirmed malware.

Confidence: 82%
Severity: 64%
Audit Metadata
Analyzed At
Apr 30, 2026, 01:43 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fsidekick-ai%2F@4703d7ef4d0fbbeba100522b6a877a6a48f25d0c