stackhawk

SUSPICIOUS: The skill is broadly consistent with its stated StackHawk integration purpose and uses a legitimate npm-published CLI, so there is no strong evidence of malware. However, it routes all StackHawk access through Membrane as a third-party intermediary instead of StackHawk's native API, which creates a medium data-flow and trust-boundary risk disproportionate to a simple service integration guide.