semaphore

The Semaphore integration skill is coherent with its stated purpose: it leverages Membrane's CLI to manage Semaphore data with authentication handled server-side, and uses Membrane's proxy to interface with Semaphore API. The install path uses official npm tooling, and credentials are not stored locally but managed by Membrane, which aligns with a secure, developer-focused integration. Overall, the risk is low to moderate (securityRisk around 0.3–0.4, malware near 0.0–0.1) given proper Membrane security, with no evident credential harvesting or arbitrary file/system access. The main considerations are ensuring Membrane's proxy remains secure and that any emitted logs do not inadvertently leak session tokens.