holded

SUSPICIOUS: the skill’s core purpose is coherent, but its actual data flow is broader than a direct Holded integration because all access is routed through Membrane’s CLI and service. The npm install path looks ordinary, yet the third-party intermediary model, server-side credential handling, arbitrary proxy capability, and ability to perform write actions raise medium security risk rather than making it outright malicious.