active-trail
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill's capabilities broadly match its stated Active Trail integration purpose, and the CLI install path is a normal npm-based dependency. However, all authentication and API activity are routed through Membrane as an intermediary/proxy rather than directly to Active Trail, which expands trust and exposes user data/credentials to a third-party platform. This is not confirmed malware, but it is a medium-risk integration pattern due to credential forwarding and proxy-based data flow.
Confidence: 85%
Severity: 53%
Audit Metadata