kodagpt

SUSPICIOUS: The skill is mostly coherent as a Membrane-hosted integration and uses an official npm-distributed CLI, so there is no strong evidence of malware. However, it routes KodaGPT access and authentication through Membrane as an intermediary rather than clearly using official KodaGPT APIs directly, creating moderate data-flow and credential-forwarding risk. Overall this looks like a legitimate connector skill with medium trust concerns, not confirmed malicious behavior.