mercury

SUSPICIOUS: the core capability mostly matches a Mercury integration, and the CLI install path is legitimate, but the skill routes all Mercury access through Membrane as an intermediary, enabling broad credential/data handling outside Mercury’s official direct API flow. The incorrect Mercury docs link and vague description further weaken trust. Medium risk, not confirmed malware.