bitwarden

SUSPICIOUS: the skill's purpose matches Bitwarden management, and the CLI install path is reasonably legitimate, but the core data flow is through Membrane rather than directly to Bitwarden. For a password-manager integration, sending auth and vault operations through a third-party platform is a significant integrity and confidentiality concern, making this higher risk than a normal direct API skill.