softr

SUSPICIOUS: The skill is internally coherent as a Membrane-based Softr integration, and its install source is a real same-brand npm package rather than an obviously malicious payload. However, it materially expands trust by routing authentication and application data through Membrane instead of Softr’s official API directly, and it uses an unpinned external CLI plus remotely generated actions. That makes it higher-risk than a direct official Softr integration, but not clearly malicious.