fortify

SUSPICIOUS. The skill is coherent as a Membrane-based Fortify integration, and the CLI install source is relatively legitimate, but its real footprint is broader than a direct Fortify skill: Fortify data access, authentication, and actions are routed through Membrane’s third-party platform, and the skill can create/run remote actions from natural language. This is not confirmed malware, but the intermediary data flow and expanded remote capability make it medium risk.