smarty

SUSPICIOUS. The Membrane CLI install path appears official and proportionate on its own, but the skill is internally inconsistent about what 'Smarty' means and what it can do. Its real data flow also routes requests through Membrane's proxy rather than directly to the target service, which is a meaningful trust-boundary expansion. Overall this looks more like a mislabeled or confused skill than confirmed malware, but the purpose-capability mismatch warrants caution.