qualys

SUSPICIOUS: the skill's stated Qualys purpose is plausible, and the install source is same-org and registry-based, but the real trust boundary is Membrane's CLI and backend, not direct Qualys APIs. That third-party mediation of authentication and data access makes the skill riskier than a normal direct integration, though there is no clear evidence of outright malware.