woodpeckerco
Warn
Audited by Socket on Apr 2, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill's capabilities mostly match its stated purpose, and the CLI comes from a standard npm package rather than a raw installer. However, all authentication and API traffic are routed through Membrane as an intermediary instead of directly to Woodpecker's official API, and the documentation contains a misleading Woodpecker docs link. This looks more like a legitimate third-party integration with elevated trust requirements than outright malware, but the credential/data routing makes it medium risk.
Confidence: 85%
Severity: 52%