skyciv

SUSPICIOUS: The skill is largely coherent for a SkyCiv integration and uses an official npm-published CLI from the same vendor, so it is not strongly indicative of malware. However, all authentication and API access are mediated through Membrane rather than direct SkyCiv endpoints, creating meaningful third-party credential and data-routing risk; combined with floating CLI versions, this makes the skill medium-risk rather than benign.