0codekit
Audited by Socket on Mar 4, 2026
1 alert found:
Security
This file is a documentation/skill manifest describing how to use the Membrane CLI to interact with 0codekit and many external services. There is no embedded malicious code, hardcoded credentials, or download-and-execute shell one-liners. The primary security considerations are architectural/trust decisions: (1) installing a third-party CLI globally (un-pinned) increases local system risk if the package is compromised, and (2) Membrane's design intentionally proxies requests and manages credentials, which centralizes sensitive data in Membrane's backend and requires users to trust that service. If the threat model expects zero third-party access to credentials or strict change control on CLIs, these design choices are disproportionate; for many use cases they are acceptable but should be evaluated by the user. Overall I find no direct malicious content, but moderate supply-chain and trust risk from unpinned global installs and routing credentials/requests through a third-party proxy.