frontegg

SUSPICIOUS: the skill’s main inconsistency is data-flow design, not overt malware. A Frontegg integration would normally use Frontegg’s official API directly, but this skill requires a Membrane account, installs Membrane tooling, and routes all auth and actions through Membrane as a third-party control plane. The npm install path appears legitimate enough to avoid a malicious verdict, but the proxy architecture and credential/session forwarding make the skill medium risk.