kong

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and the CLI install path is a normal npm-based distribution. The main concern is data-flow integrity: Kong access and credentials are mediated by Membrane rather than going directly to Kong, creating a third-party trust boundary for sensitive API operations. This is not clearly malicious, but it is a meaningful security and privacy risk compared with a direct official Kong integration.