42crunch

The skill documentation describes a reasonable integration pattern that delegates authentication and API proxying to the Membrane CLI/service. There is no evidence in the provided content of malicious code, direct credential harvesting, download-and-execute instructions, or obfuscated payloads. The primary security consideration is an elevated trust requirement: using this skill means trusting the Membrane service to handle authentication, tokens, and proxied request payloads. Organizations should review Membrane's security and privacy practices before use and ensure the @membranehq/cli package is installed from the official source. Overall the content appears benign but relies on third-party trust for sensitive data and proxying.