mux

SUSPICIOUS. The skill is internally coherent as a Membrane-based Mux integration, and the CLI install source appears official and proportionate. However, all Mux access and authentication are mediated through Membrane rather than direct official Mux API flows, which introduces a meaningful third-party credential and data-routing risk. This is not confirmed malicious, but the proxy/auth intermediary model and unpinned `@latest` execution raise medium security concerns.