favro

SUSPICIOUS: the skill’s mechanics are not overtly malicious, and the CLI source appears legitimate, but the actual footprint is a Membrane integration layer rather than a direct Favro integration. Authentication, data access, and action execution are routed through a third-party intermediary service, which is broader than the stated purpose and creates medium security risk.