serverless

SUSPICIOUS. The skill is not overtly malicious and uses an official npm-distributed CLI consistent with the Membrane publisher, so install-trust risk is moderate rather than high. However, the stated purpose is a Serverless integration while the actual model routes authentication, action discovery, and action execution through Membrane as a third-party intermediary instead of direct official Serverless APIs, and it advertises an unusually broad operational scope. That makes the skill internally coherent as a Membrane connector, but only partially aligned as a narrowly scoped Serverless skill.