partnerstack

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the install source is an official npm package tied to the same vendor. The main risk is architectural: PartnerStack access and credentials are mediated through Membrane rather than direct official API usage, creating a third-party trust and credential-forwarding concern. This looks like a legitimate integration model, not confirmed malware, but it carries medium security risk due to intermediary data flow and unpinned CLI execution patterns.