postman

SUSPICIOUS. The skill is coherent as a Postman integration, and its CLI install path appears to be official npm distribution, so it is not confirmed malware. However, it materially expands trust by routing authentication and Postman operations through Membrane’s third-party CLI/service, including server-side action discovery/building, which makes the data flow and credential handling broader than a direct Postman skill.