airship

SUSPICIOUS. The skill’s functionality is mostly consistent with its stated purpose, and the CLI comes from a plausible same-vendor npm source, so this is not confirmed malware. However, it is not a direct Airship integration: authentication and API traffic are brokered through Membrane, which materially expands trust and data exposure to a third party. The main risk is intermediary routing plus mutable CLI installs, not overt credential theft.