tyk

SUSPICIOUS. The skill's Tyk-management purpose broadly matches its commands, and the CLI comes from the official npm package for the same publisher, so this is not a clear malware pattern. However, the actual data flow is through Membrane as an intermediary rather than directly to Tyk, and the skill asks the user to trust Membrane with authentication and API traffic despite presenting itself as a Tyk integration. That third-party proxying and credential handling are disproportionate enough to raise medium risk, though not enough to conclude malicious intent.