brass

SUSPICIOUS: The skill is coherent as a Membrane-powered Brass connector, and the CLI install path appears to use an official npm package rather than an opaque binary. However, the actual data flow is not direct Brass API usage: authentication, connection management, and action execution are routed through Membrane, so Brass data and delegated credentials pass through a third-party intermediary. That is disclosed and may be legitimate, but it materially increases trust and privacy risk versus a direct official-API integration.