ayrshare

SUSPICIOUS. The skill is broadly aligned with its stated purpose, and the install path uses an official npm package rather than a raw payload. However, it relies on a third-party intermediary (Membrane) for authentication, credential storage, and API execution instead of using Ayrshare's native API directly, creating a notable trust and data-flow expansion. This looks more like a managed proxy integration than malware, but the intermediary credential routing and autonomous external-action capability make it medium risk.