reward-sciences

SUSPICIOUS: the install source is mostly legitimate and same-org, but the skill's real footprint extends beyond Reward Sciences by requiring a Membrane account and proxying API access through Membrane infrastructure. This is not confirmed malware, but the intermediary auth/data flow and unpinned CLI usage create medium risk and make the skill less self-contained than its description suggests.