sertifi

SUSPICIOUS: The skill's purpose and capabilities are mostly coherent, and the CLI comes from an official npm package rather than an opaque binary. However, all Sertifi access and credentials are funneled through Membrane, a third-party intermediary, so data flow does not go directly to official Sertifi endpoints. This is not strong evidence of malware, but it is a meaningful security and trust-boundary expansion beyond a direct API integration.