flagsmith

SUSPICIOUS. The install path is relatively normal npm-based tooling, but the skill's main inconsistency is architectural: a Flagsmith integration is implemented as a Membrane-mediated gateway that handles authentication, connections, and action execution server-side. That third-party credential and data routing is not well aligned with a direct Flagsmith skill and creates meaningful trust and data-flow risk, though there is not enough evidence to call it confirmed malware.