boost

SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses a legitimate npm-distributed CLI, so it is not strongly indicative of malware. However, all authenticated Boost access is routed through Membrane's intermediary platform rather than directly to Boost, creating meaningful credential/data-flow trust risk, and the unrelated official-docs link adds inconsistency. Overall this looks like a real integration skill with medium security risk, not confirmed malicious behavior.