cufinder

SUSPICIOUS: the skill's basic function is coherent, and the Membrane CLI install path appears official, but the core integration is mediated by Membrane rather than CUFinder's official API. That means CUFinder-related data and auth are routed through a third-party platform, which is a meaningful trust and data-flow expansion beyond a direct service integration. No strong malware or obfuscation signals are present.