hyros

SUSPICIOUS: the skill is coherent as a Membrane-based Hyros integration, and the CLI install path is reasonably trustworthy via npm. However, it materially reroutes Hyros authentication and API traffic through Membrane rather than official direct Hyros API calls, expanding trust and enabling proxy-mediated access to sensitive analytics and account actions. This is not confirmed malicious, but the intermediary data flow and real-world write capabilities raise medium risk.