code-climate

SUSPICIOUS: the install source is mostly legitimate, but the skill's core design routes Code Climate authentication and API traffic through Membrane as a third-party intermediary. That is misaligned with a straightforward service integration and creates meaningful credential-handling and data-flow risk even without clear evidence of malware.