retool

SUSPICIOUS: the skill is mostly coherent as a Membrane-based Retool integration guide, and the install source appears legitimate. The main concern is data-flow integrity: Retool access is mediated through Membrane's proxy/CLI rather than direct Retool APIs, so authenticated data and actions transit a third-party service. This looks more like a managed integration pattern than confirmed malware, but it carries meaningful trust and credential-forwarding risk.