thru

SUSPICIOUS: The skill's purpose and capabilities largely align, and installation uses a standard npm package rather than an opaque binary. The main risk is architectural: Thru credentials and API traffic are routed through Membrane as a third-party intermediary, including arbitrary proxy requests, which is broader than direct service-native access and adds medium security risk even though it appears intentional and documented.