coassemble

SUSPICIOUS: The skill's business actions match its Coassemble purpose, and the CLI install path is reasonably legitimate via npm. The main concern is data-flow integrity: all Coassemble access is brokered through Membrane, an intermediary service requiring its own account and credential handling, which expands trust and exposes user data/operations beyond a direct official API integration.