revel-systems

SUSPICIOUS: The skill's capabilities broadly match its stated purpose, and the install path uses an official npm package rather than a raw installer. The main risk is architectural: it routes authentication and API traffic through Membrane's CLI/service instead of direct Revel endpoints, so users must trust a third-party integration layer with credentials and business data. This is not clearly malicious, but it carries medium security risk due to credential forwarding and proxy-based data flow.