ably-realtime

SUSPICIOUS. The skill is internally coherent as a Membrane-based Ably integration, and the CLI comes from an official npm package rather than an unverifiable binary. However, it materially intermediates both credentials and data through Membrane instead of using Ably's official APIs directly, making the trust and data-flow footprint broader than a simple Ably connector. This is not confirmed malware, but it is a medium-risk third-party gateway pattern with unpinned CLI installation and credential forwarding.