secure-code-warrior

SUSPICIOUS. The install path is relatively trustworthy because the Membrane CLI comes from the official npm registry, and there is no raw download-execute chain. However, the skill’s core data flow is not a direct Secure Code Warrior integration: authentication, credential handling, and API calls are routed through Membrane’s intermediary platform and proxy. That brokered design is disproportionate to a simple service integration and means user data and service access traverse a third party rather than official SCW APIs directly. This is not confirmed malware, but it is a medium-risk skill with notable data-flow and scope concerns.