iauditor-by-safetyculture

SUSPICIOUS. The skill’s capabilities broadly match its stated purpose, and the CLI install path appears to be the official Membrane distribution. However, the integration is not a direct SafetyCulture client: it requires trusting Membrane as an intermediary for auth, token refresh, and action execution, and it uses an unpinned global CLI. This is a coherent but higher-trust brokered integration, so the main concerns are third-party credential/data handling and action scope, not confirmed malicious behavior.