google-cloud-api-gateway

SUSPICIOUS: The skill is internally coherent as a Membrane-based integration, and the CLI install path is official npm rather than a suspicious binary drop. However, the stated Google Cloud purpose is fulfilled entirely through Membrane as a third-party intermediary, so credentials and API data do not flow directly to Google-native endpoints. This is not confirmed malware, but it introduces meaningful trust, privacy, and data-flow risk beyond what a direct Google Cloud integration would require.