marvel

SUSPICIOUS: the skill's overall purpose is plausible, and the CLI install path is consistent with the publisher, but the core integration is mediated entirely by Membrane rather than direct Marvel APIs. That intermediary model makes credentials and Marvel data flow through a third party, which is a meaningful trust and data-flow risk even without clear signs of malware.