testimio

SUSPICIOUS. The skill is broadly aligned with its stated purpose and uses a plausible official npm-distributed CLI, but all Testim.io access is mediated by Membrane rather than direct official endpoints. That third-party proxy/auth model raises medium data-flow and credential-forwarding risk, though there is not enough evidence here to call it malicious.