scrivito

SUSPICIOUS: the skill’s purpose matches its broad CMS integration behavior, and the CLI source appears official, but the core design routes Scrivito access, credentials, and data through Membrane rather than official Scrivito APIs. That third-party mediation is openly documented, so this is not confirmed malware, but it creates medium risk around credential forwarding, data visibility, and trust in an intermediary platform.