practitest

SUSPICIOUS. The skill’s core function is coherent, and the CLI comes from an official npm package tied to the publisher, so this is not confirmed malware. However, the integration is materially mediated by Membrane rather than direct PractiTest APIs, meaning credentials and PractiTest data are forwarded through a third-party service; combined with mutable `@latest` CLI execution, this makes the skill medium risk.