Skills
skills/membranedev/application-skills/zamzar/Socket

zamzar

Warn

Audited by Socket on May 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is internally consistent as a Membrane-based Zamzar integration, and the CLI comes from an official npm package rather than an obviously malicious installer. However, it routes Zamzar authentication and data through a third-party intermediary (Membrane) instead of the official Zamzar API, creating medium trust and data-flow risk that exceeds a direct single-service integration.

Confidence: 85%Severity: 54%
Audit Metadata
Analyzed At
May 2, 2026, 04:03 AM
Package URL
pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fzamzar%2F@235a6010f8e218eaf728964bb82d4123a65950ac
Security Audit — socket — zamzar