mobivate

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI install path is a normal npm-based distribution. The main concern is data-flow integrity: Mobivate authentication and API traffic are intentionally routed through Membrane as an intermediary, so the user must trust a third-party platform with credentials and data. This is disclosed rather than hidden, so it is not malware, but it raises medium security risk.