railway

SUSPICIOUS. The skill's core behavior is coherent for a Membrane-based Railway integration, and the CLI install path is a legitimate npm distribution rather than a malicious downloader. However, the actual data flow is not a direct Railway integration: authentication, credential refresh, request signing, and proxied API traffic are all routed through Membrane, a third-party intermediary. That makes the trust footprint broader than the description implies and creates moderate supply-chain and credential-forwarding risk, though not enough evidence for confirmed malware.