truora

Warn

Audited by Socket on May 6, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is coherent as a Membrane-hosted Truora connector, but its real footprint is broader than a plain Truora integration because all authentication and API activity are mediated by Membrane rather than going to Truora directly. The npm install source is comparatively legitimate, so this is not confirmed malware, but the third-party credential/data routing and unpinned CLI raise medium security concerns.

Confidence: 84%
Severity: 62%
Audit Metadata
Analyzed At: May 6, 2026, 04:43 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Ftruora%2F@c3e43c1a84eb2ec129ec4df405b4a23cb61010fa