compass-ai

SUSPICIOUS: the skill's stated purpose is coherent with its capabilities, and the install source appears official and proportionate. However, it routes Compass AI access through Membrane's CLI and proxy infrastructure instead of directly to Compass, creating meaningful intermediary trust and credential/data-flow risk. This looks like a legitimate vendor-managed integration, not malware, but the third-party proxy model raises medium security concerns.