chartmogul

SUSPICIOUS: The skill’s capabilities broadly match its stated ChartMogul integration purpose, and the CLI comes from an official npm package tied to the same vendor. The main concern is data-flow integrity: authentication, credentials, and ChartMogul operations are routed through Membrane as a third-party intermediary rather than directly to ChartMogul, creating a significant trust dependency. This is not clearly malicious, but it is a medium-risk integration pattern with mutable CLI install and third-party credential custody.