codescene

SUSPICIOUS: The skill is broadly aligned with CodeScene management, and the CLI install source appears legitimate and first-party. The main concern is data-flow and trust expansion: CodeScene access is mediated through Membrane's CLI/service, including proxy requests and credential handling, rather than going directly to official CodeScene APIs. This is proportionate to the skill's stated Membrane-based purpose but still introduces meaningful third-party credential and data-routing risk.