debugbear

SUSPICIOUS. The skill is functionally coherent, but it shifts DebugBear authentication and API access to Membrane as an intermediary, so data and credentials do not flow directly to official DebugBear endpoints. The install source is official npm and same-vendor, which lowers malware concern, but mutable `@latest` execution plus third-party credential custody keep security risk in the medium range.