growsurf

SUSPICIOUS: The skill is broadly coherent for GrowSurf management, and its CLI install path appears legitimate. The main risk is architectural: all auth and API traffic are mediated by Membrane rather than going directly to GrowSurf, so credentials and business data flow through a third party with write-capable actions.