bolt

SUSPICIOUS. The core behavior is mostly coherent for a Membrane-based integration skill, and the CLI install path appears official and documented. However, the skill has notable purpose ambiguity around what 'Bolt' means and routes API activity and credential handling through Membrane as an intermediary rather than directly to the upstream service, which raises moderate trust and data-flow concerns without clear evidence of malicious intent.