bolt

SUSPICIOUS. The core Membrane CLI usage is broadly consistent with an integration skill and comes from an official npm package, but the skill has notable coherence issues: the stated Bolt product does not match the cited Slack Bolt docs, and all API access is funneled through a third-party Membrane proxy rather than the official service API. This looks more like a legitimate but high-trust intermediary integration pattern than confirmed malware.