dyspatch

SUSPICIOUS. The skill is broadly aligned with its stated Dyspatch-management purpose, and the install path is relatively normal via npm. However, it routes authentication and API traffic through Membrane as an intermediary, requiring trust in a third-party platform and forwarding access to Dyspatch data through that layer. This is disclosed and plausibly legitimate, so it is not malware, but the indirect credential/data flow and unpinned `@latest` example make it medium risk rather than benign.