akamai

This SKILL.md documents a legitimate-seeming Akamai integration that relies on the Membrane CLI and Membrane's managed proxy for authentication and API requests. The core risk is centralized credential and request handling by a third-party (Membrane) — a design choice that is reasonable for a gateway product but requires trusting Membrane. There are no signs of obfuscation, hidden backdoors, direct credential harvesting instructions (like asking for API keys to be pasted), or download-and-execute shell tricks. The main supply-chain risk is installing a third-party global CLI from npm and the implication that all Akamai traffic and tokens flow through Membrane. Review and vet the @membranehq/cli package and Membrane's security/privacy policy before use. Overall, this is not obviously malicious but carries moderate supply-chain/third-party trust risk.