nifty

SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses an official npm-distributed Membrane CLI, so it does not look overtly malicious. However, it routes Nifty authentication and data through Membrane as an intermediary, creating a meaningful credential-forwarding and data-flow trust expansion; combined with an unpinned CLI install and stale Nifty doc reference, this makes the skill medium risk rather than benign.