devrev

SUSPICIOUS. The skill’s purpose and capabilities are mostly aligned, and the CLI install path appears to be an official npm package from the same publisher ecosystem. The main concern is data-flow integrity: DevRev access is funneled through Membrane’s intermediary service and proxy rather than directly to official DevRev endpoints, so user data and delegated auth are entrusted to a third party. This is not fundamentally incompatible with the stated purpose, but it raises medium security risk and trust-boundary concerns.