weglot

SUSPICIOUS: The skill’s core purpose is coherent, and the CLI install path is from an official registry tied to the stated publisher. The main concern is data-flow integrity: Weglot operations are routed through Membrane’s proxy/service rather than directly to Weglot, so a third party mediates authenticated API access and potentially sees user data. This is not confirmed malware, but it is a medium-risk intermediary integration with mild supply-chain and credential-forwarding concerns.