gathercontent

SUSPICIOUS: The skill is coherent with its stated purpose as a Membrane-based GatherContent connector, and its CLI install path is vendor-consistent via npm. The main concern is data-flow integrity: GatherContent access is mediated by Membrane, so credentials and API traffic are entrusted to a third-party platform rather than sent directly to official GatherContent endpoints. This is not clear evidence of malware, but it is a medium security risk due to proxy-based credential handling and unpinned CLI execution.