splynx

SUSPICIOUS. The skill’s purpose and core capabilities are mostly coherent, and the CLI install path appears to be an official npm package rather than a covert payload. However, it routes Splynx authentication and API traffic through Membrane’s third-party service, making credential and data flow indirect rather than direct-to-Splynx. That mediation is documented and plausibly legitimate for this integration, but it materially increases trust and privacy risk versus a direct API skill.