coveralls

SUSPICIOUS: the install path is legitimate, but the skill’s actual integration model routes Coveralls authentication and API traffic through Membrane infrastructure rather than directly to Coveralls. That extra intermediary is disproportionate for a simple Coveralls skill and creates meaningful credential and data-flow risk, though there is no clear evidence of malware or obfuscation.