nyckel

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and the CLI comes from an official npm package rather than an obviously malicious source. However, Nyckel authentication and API traffic are brokered through Membrane instead of going directly to Nyckel, creating a third-party credential/data handling boundary that is larger than a direct integration. This looks more like a legitimate but medium-risk proxy-based integration than malware.