float

The skill presents a coherent Float integration workflow using the Membrane CLI and a proxy to the Float API. The installation source is npm (official registry), and authentication is abstracted by Membrane, reducing local credential exposure. Data flows are consistent with a legitimate integration pattern. Some concerns exist around proxy visibility and potential logging/credential handling at the Membrane layer, but no direct credential harvesting or unauthorized network exfiltration appears implied. Overall, the footprint is benign and proportionate to the stated purpose, with moderate security considerations around data in transit and server-side credential management.