envoy

SUSPICIOUS: the skill is not overtly malicious, and its npm-based Membrane CLI install is plausible, but the documentation is internally inconsistent about what 'Envoy' it integrates with and routes all API access through Membrane as an intermediary. Broad proxy capability and tenant-modifying actions are proportionate only if the user explicitly intends Membrane-mediated Envoy administration.