weavr

SUSPICIOUS: the skill's stated purpose is Weavr integration, but its real footprint is a Membrane gateway skill that installs an external CLI, routes authentication and data through Membrane infrastructure, and encourages avoiding direct official APIs. The install source is legitimate and same-vendor, so this is not malware, but the intermediary credential/data flow and unpinned CLI make the trust model broader than a normal first-party Weavr integration.