float

SUSPICIOUS: the skill's capabilities mostly match its stated Float integration purpose, and installation comes from an official registry tied to the publisher. The main concern is data-flow integrity and trust expansion: all authenticated Float access is mediated by Membrane, a third-party platform that stores/refreshes credentials server-side and proxies requests, plus the CLI install is unpinned. This is not clearly malicious, but it is medium risk because the integration depends on an intermediary rather than direct official API use.