google-recaptcha

SUSPICIOUS. The skill’s capabilities broadly match its stated purpose, and the CLI install source appears legitimate, but the core integration routes authentication and API traffic through Membrane as a third-party intermediary instead of directly to Google reCAPTCHA. That makes the footprint larger than a direct API skill and creates moderate trust and data-flow risk, though not strong evidence of malicious intent.