tettra

SUSPICIOUS: The skill is largely coherent with its stated Tettra integration purpose and uses an official npm-distributed CLI from the same vendor ecosystem, so it is not overt malware. However, it requires users to trust Membrane as a third-party intermediary for authentication and API traffic, and it exposes broad proxy capability plus unpinned `npx @latest` execution, making the overall risk moderate rather than benign.