bidsketch

SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses an official-looking npm-distributed Membrane CLI, so this is not confirmed malware. However, it routes Bidsketch authentication and API traffic through Membrane as an intermediary, creating meaningful credential-forwarding and third-party data-handling risk beyond a direct Bidsketch integration.