contis

SUSPICIOUS: the skill is broadly aligned with its stated Contis-integration purpose and uses an official-looking same-vendor CLI from npm, so it is not overtly malicious. However, it routes authentication, credentials, and API interactions through Membrane rather than direct Contis endpoints, creating meaningful third-party trust and data-flow risk; the mutable global CLI install adds moderate supply-chain risk.