yonder

SUSPICIOUS: The skill's core purpose is coherent, and the install path uses an official npm package rather than a raw binary or curl|bash. However, all Yonder access and auth are funneled through Membrane as a third-party proxy/credential manager, so data-flow integrity is weaker than a direct Yonder integration and trust is concentrated in Membrane's infrastructure. This is not confirmed malware, but it carries medium security risk due to credential forwarding and proxy-mediated API access.