humio

SUSPICIOUS. The skill's purpose broadly matches its capabilities, and the Membrane CLI appears to be a legitimate first-party npm package. However, the integration routes Humio authentication and data through Membrane's service rather than directly to official Humio APIs, creating a third-party credential/data intermediary that is disproportionate to a plain Humio skill. Main risks are credential forwarding, server-side auth handling, and unpinned CLI installation—not confirmed malware.