transform

SUSPICIOUS: the skill's basic purpose matches a TransForm integration, and the Membrane CLI install source appears consistent with the publisher, but the actual data flow is through Membrane as an intermediary rather than directly to TransForm's official API. That third-party routing, combined with open-ended action creation and a mutable `@latest` CLI install, makes the skill medium risk even without clear malware indicators.