launchdarkly

SUSPICIOUS: The skill’s purpose broadly matches LaunchDarkly management, and the npm-installed CLI is not an obviously malicious installer. However, the integration routes authentication and API traffic through Membrane rather than directly to LaunchDarkly, creating third-party credential/data handling and proxying that is not strictly necessary for the stated purpose. This looks more like a high-trust intermediary integration than malware, but the data-flow integrity and credential-forwarding risks are significant.