peaka

SUSPICIOUS: the npm-installed Membrane CLI appears to be a legitimate first-party tool, so this is not strong evidence of malware. However, the skill’s actual footprint is mediated entirely through Membrane rather than direct Peaka APIs, and the Peaka-specific description/object model appears inconsistent with the claimed cloud-spend-management purpose. That combination makes the skill internally questionable and medium risk.