cobalt-io

SUSPICIOUS: the overall workflow is mostly coherent for a Membrane integration skill, and the CLI install path appears same-product and registry-based rather than an unverifiable binary. However, the skill sends Cobalt access through Membrane as an intermediary, uses mutable CLI execution, and includes a false 'official docs' domain (`cobalt.foo`), creating meaningful trust and data-flow concerns inconsistent with a clean direct Cobalt integration.