thoughtspot

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is internally coherent as a Membrane-based ThoughtSpot integration, and the CLI comes from an official npm package rather than an unknown binary. However, the skill routes authentication and data through Membrane instead of directly to ThoughtSpot, and it uses mutable `@latest` CLI execution. This is not confirmed malware, but it introduces medium risk from intermediary data flow and supply-chain trust.

Confidence: 88%Severity: 57%
Audit Metadata
Analyzed At
Apr 28, 2026, 10:29 PM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fthoughtspot%2F@2325ea55dc3d78abd945b2a26184c1a089c33476
Security Audit — socket — thoughtspot