cnvrgio

SUSPICIOUS. The skill's capabilities broadly match its purpose, and the install source is an official npm package rather than an opaque binary. The main concern is data-flow integrity: Cnvrg.io access and credential handling are routed through Membrane's CLI and proxy infrastructure, creating third-party credential forwarding and intermediary API traffic that exceed a direct Cnvrg.io integration. Risk is moderate rather than malicious because this behavior is disclosed and consistent with the skill's Membrane-centered design.