smartbear

SUSPICIOUS: The skill's capabilities fit its stated SmartBear integration purpose, and the CLI install path appears to be the publisher's official npm package. The main concern is data-flow integrity: SmartBear requests and auth are routed through Membrane's proxy/service instead of directly to SmartBear, creating a third-party trust boundary for credentials and data. This is not clearly malicious, but it is a medium-risk intermediary pattern.