strapi

SUSPICIOUS: The skill is coherent with its stated purpose and uses an official vendor CLI from npm, so it does not look malicious. However, it requires a Membrane account and routes Strapi operations through Membrane’s proxy and credential infrastructure rather than directly to Strapi, creating a third-party data and trust dependency that raises medium security risk.