ncscale

SUSPICIOUS: The skill is mostly coherent as a Membrane-based integration and uses an official npm-distributed CLI, so it is not outright malicious. However, all NcScale access is funneled through Membrane's proxy/service, the docs understate local credential handling, one command is unpinned, and the NcScale target appears weakly verifiable; together these make the skill medium risk rather than benign.