codemagic

SUSPICIOUS: the skill’s purpose and capabilities largely align, and the CLI install path is reasonably legitimate via npm. The main concern is data-flow integrity: Codemagic access is mediated through Membrane’s proxy and credential-management layer, so a third party handles authentication and request forwarding. This is coherent with the skill’s stated design, but it increases trust and privacy risk compared with direct Codemagic API use.