skills/membranedev/application-skills/yoprint/Socket

yoprint

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: The skill is broadly coherent as a YoPrint integration, but it routes authentication and all operations through Membrane rather than directly to YoPrint, creating a third-party data and credential trust boundary. The npm-based CLI install is vendor-aligned and not inherently malicious, yet the unpinned global `@latest` install and intermediary architecture raise medium security risk rather than confirming malware.

Confidence: 83%Severity: 56%

Audit Metadata

Analyzed At

Apr 30, 2026, 05:49 AM

Package URL

pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fyoprint%2F@7735bd74e08749748b78e6a6580aa45a0a136e72