memory

Warn

Audited by Socket on Apr 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose and capabilities mostly align with a hosted memory system, and there is no install-time malware pattern. The main risk is data-flow integrity: it sends sensitive memories and full prior conversations, plus a bearer token, to a hidden variable relay endpoint ($API_URL) rather than a fixed publicly documented Rebyte API host. This looks more like an internal same-org service pattern than overt malware, but the opaque relay and broad conversation recall make it medium risk.

Confidence: 85%Severity: 58%
Audit Metadata
Analyzed At
Apr 16, 2026, 05:42 PM
Package URL
pkg:socket/skills-sh/rebyteai%2Frebyte-skills%2Fmemory%2F@b25d5fbb1934cf24d99bbe11ddc6f336f2567cf9
Security Audit — socket — memory