appdrag

SUSPICIOUS: the skill is not overtly malicious and uses an official npm-distributed CLI, but it routes all AppDrag access through Membrane as a third-party intermediary and exposes broad high-impact actions beyond the narrow stated description. The main concerns are intermediary data flow, mutable CLI install, and the ability for an agent to perform destructive or outward-facing actions through the connector.