centra

SUSPICIOUS: The skill is coherent with its stated purpose and uses an official-looking npm CLI, so it is not overt malware. However, all Centra access is routed through Membrane as an intermediary, which adds third-party credential and data-flow risk beyond a direct Centra integration, and the skill enables consequential write actions.