skillzrun

SUSPICIOUS. The skill is not overtly malicious and uses a legitimate npm-published CLI with docs-consistent commands, but it routes authentication and data through Membrane as an intermediary and its SkillzRun description does not align well with public Skillz documentation. The main concerns are product-purpose mismatch and expanded trust in a third-party integration layer, not confirmed malware.