instatus

SUSPICIOUS. The skill’s purpose and capabilities generally align, and the CLI comes from a legitimate registry, but the integration is mediated through Membrane rather than directly through Instatus. That intermediary credential and data flow is disclosed and plausibly part of the product design, so this is not confirmed malicious, yet it creates medium security risk through third-party credential custody, indirect API access, and mutable CLI installation.