plecto

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the CLI install path appears legitimate via Membrane's official npm package. However, it requires a Membrane account and routes Plecto authentication and API traffic through Membrane's intermediary service rather than directly to Plecto, which expands trust and creates moderate data-flow and credential-forwarding risk.