typeform

SUSPICIOUS. The skill's capabilities match its stated Typeform integration purpose, and the CLI install path is a normal npm-based distribution rather than a covert payload. However, the skill requires a Membrane account and routes Typeform authentication and API traffic through Membrane instead of direct official Typeform API usage, creating a third-party credential/data mediation risk and enabling impactful external actions.