backendless

SUSPICIOUS: The skill is broadly coherent as a Backendless integration guide, and its install path is through the official npm registry rather than an unverifiable binary. However, it routes authentication and API activity through Membrane infrastructure instead of directly to Backendless, creating a third-party credential/data mediation layer and moderate trust risk. No clear malware indicators or covert exfiltration are present, but the mediated data flow and mutable `@latest` CLI usage make it higher risk than a direct official Backendless integration skill.