securitytrails

SUSPICIOUS: the skill's purpose and capabilities are mostly aligned, and the CLI install path is official npm-based, but all SecurityTrails access is intentionally mediated through Membrane rather than the official API. That intermediary data flow and credential handling are broader than a direct integration and create medium risk, though not enough evidence of malware or clear malicious intent.