kyvio

SUSPICIOUS. The skill's capabilities generally match its Kyvio integration purpose, and the CLI install comes from an official registry. The main concern is data-flow integrity: all Kyvio access is mediated through Membrane, a third-party proxy/account layer rather than direct Kyvio API use. That extra trust boundary is significant but appears disclosed and consistent with the product model, so this looks more like a medium-risk managed-integration pattern than malware.