boostai

SUSPICIOUS: the skill is internally coherent as a Membrane-based Boost.ai wrapper, and the CLI install path appears official. However, it routes authentication, credentials, and API activity through Membrane rather than directly to Boost.ai, creating meaningful third-party trust and data-flow risk; the main concern is mediated credential/data handling, not overt malware.