tyk

Warn

Audited by Socket on May 1, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill's Tyk-management purpose broadly matches its commands, and the CLI comes from the official npm package for the same publisher, so this is not a clear malware pattern. However, the actual data flow is through Membrane as an intermediary rather than directly to Tyk, and the skill asks the user to trust Membrane with authentication and API traffic despite presenting itself as a Tyk integration. That third-party proxying and credential handling are disproportionate enough to raise medium risk, though not enough to conclude malicious intent.

Confidence: 90%Severity: 58%
Audit Metadata
Analyzed At
May 1, 2026, 09:58 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Ftyk%2F@e61a1be02895b2803efea83e9d52a00d4c466f06
Security Audit — socket — tyk