alchemer
Warn
Audited by Socket on May 1, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill is mostly coherent with its stated purpose, and the CLI comes from an official npm package aligned with the publisher. However, all Alchemer access and credentials are routed through Membrane as a third-party intermediary, and the skill installs an unpinned global CLI. This is not clearly malicious, but the brokered data flow and credential handling make it higher risk than a direct official API integration.
Confidence: 84%
Severity: 56%
Audit Metadata