thinq

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is mostly coherent as a Membrane-powered ThinQ connector and uses an official npm-distributed CLI from the same publisher, so there is no strong malware evidence. However, the skill routes ThinQ access through Membrane as a third-party proxy, stores/refreshes credentials server-side, and contains notable documentation mismatches about ThinQ’s purpose, which makes the data flow less trustworthy than a direct official API integration.

Confidence: 86%
Severity: 52%

Audit Metadata
Analyzed At: Apr 21, 2026, 07:45 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fthinq%2F@5b1793008e343f59dd729c184c66b844ac211808