roboflow

SUSPICIOUS: the skill’s functionality is plausible, but it is not a direct Roboflow integration. It installs a third-party CLI and routes authentication, credentials, and action execution through Membrane’s platform, which is a material intermediary trust and data-flow expansion relative to the stated purpose. The npm install path appears legitimate, so this is not confirmed malware, but the proxying of Roboflow access through Membrane makes the skill higher risk than a normal official-service integration.