ekata

SUSPICIOUS: The skill’s purpose is coherent, and the CLI install path is a normal npm package rather than an unverifiable binary. However, the core integration routes Ekata authentication and API traffic through Membrane instead of directly to official Ekata endpoints, creating a third-party credential and data mediation layer that is broader than a direct SaaS integration. This is not confirmed malware, but it carries meaningful security risk due to credential forwarding, proxy-based data flow, and mutable `@latest` execution.