golioth

SUSPICIOUS. The skill is coherent as a Membrane-powered Golioth integration, and the CLI install path is reasonably legitimate via npm. However, it routes all Golioth access and auth handling through Membrane instead of Golioth's official direct APIs, creating a significant third-party data and credential trust boundary that is not inherent to a basic Golioth skill.