whitesource

SUSPICIOUS. The skill's capabilities generally match its stated purpose, and the CLI install path is coherent and official enough to avoid a malicious classification. However, WhiteSource/Mend access is funneled through Membrane's proxy and account system rather than directly to official service endpoints, creating a meaningful third-party data-flow and credential-handling risk that is disproportionate to a simple integration guide.