restack

SUSPICIOUS: The skill is broadly coherent for a Restack integration, but it routes authentication and API traffic through Membrane rather than directly to Restack. Because the third-party mediation is explicit and the CLI comes from npm rather than an unverifiable binary, this looks more like a moderate trust/data-routing risk than malicious intent.