sourceforge

SUSPICIOUS: The skill's purpose matches its capabilities, and the CLI install path is same-vendor and registry-based, not an obvious malware lure. However, all authenticated SourceForge access is mediated through Membrane's third-party CLI/service and proxy rather than direct SourceForge APIs, creating meaningful credential and data-flow trust risk disproportionate to a simple service integration.