charlie

SUSPICIOUS: the skill's install path is mostly coherent and same-org, but its core design routes Charlie authentication and API traffic through Membrane rather than directly to Charlie. That intermediary data flow is a meaningful security concern for an integration skill, though there is no strong evidence of overt malware or covert exfiltration beyond the declared Membrane platform model.