formcarry

SUSPICIOUS: the skill is coherent and uses an official npm-distributed Membrane CLI, so it does not look overtly malicious. However, it expands trust by routing Formcarry authentication and API traffic through Membrane’s connection/proxy layer, which is disproportionate to a simple direct Formcarry integration and creates meaningful third-party credential/data exposure.