focalboard

SUSPICIOUS: the skill is coherent with its stated purpose, and the CLI comes from an official npm package, so this is not overtly malicious. However, the integration depends on a third-party Membrane account and routes authenticated Focalboard access through Membrane’s proxy/service layer rather than directly to Focalboard, which creates medium trust and data-flow risk beyond a simple first-party API skill.