discord

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI install path appears legitimate via official npm/docs. However, all Discord access and credential handling are mediated through Membrane rather than direct Discord APIs, creating a meaningful third-party credential and data-flow trust dependency. This is not clearly malicious, but the intermediary architecture raises medium security risk.