idx-broker

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI comes from an official registry with same-org branding, so this is not confirmed malware. However, all IDX Broker access is mediated through Membrane rather than direct official API calls, creating a meaningful third-party data-flow and trust risk, especially given support for arbitrary proxy requests and destructive record operations.