deepl

SUSPICIOUS. The skill's capabilities mostly match its stated DeepL-integration purpose, and the install path is a low-risk official npm package rather than a raw downloader. However, the core data flow is not direct to DeepL: authentication and API requests are mediated by Membrane, including a generic proxy feature. That intermediary architecture is documented and vendor-consistent, so this is not confirmed malware, but it materially expands trust and exposes user data/API activity to a third-party platform beyond DeepL itself.