mode

SUSPICIOUS. The skill is coherent in purpose and uses a verifiable npm-distributed CLI from the same vendor, so this is not strong evidence of malware. However, it centralizes authentication and Mode API access through Membrane rather than direct official Mode endpoints, creating meaningful intermediary trust and data-flow risk; combined with an unpinned global CLI install, this makes the skill medium risk rather than benign.