deployhq

SUSPICIOUS. The skill is coherent with its stated DeployHQ-management purpose and uses an official npm-distributed CLI, so there is no strong evidence of malware. However, it routes DeployHQ access and credential handling through Membrane’s intermediary service rather than the official DeployHQ API directly, which creates meaningful third-party trust and data-flow risk, especially for sensitive deployment operations.