bitly

SUSPICIOUS. The skill's capabilities broadly match its stated Bitly purpose, and the CLI comes from an official npm package tied to Membrane. However, all Bitly authentication and action execution are routed through Membrane infrastructure, so credentials and user data are mediated by a third party rather than going directly to Bitly. This is not clear malware, but it creates medium risk and a trust expansion that users should explicitly understand.