knit

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI install path appears official, but the integration routes Knit authentication and API traffic through Membrane as a third-party intermediary rather than directly to official Knit endpoints. That proxy-based credential/data flow is the main concern; this looks more like a legitimate but medium-risk gateway pattern than confirmed malware.