saucelabs

SUSPICIOUS. The skill is broadly coherent with its stated purpose, and the CLI comes from an official npm package tied to the same publisher, so this is not confirmed malware. However, the core design routes Sauce Labs authentication and operations through Membrane as an intermediary rather than official Sauce Labs APIs, and it uses mutable `@latest` installs/execution. That makes the skill medium risk: consistent in purpose, but with notable third-party trust and data-flow concerns.