conveyor

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses an official npm-distributed Membrane CLI, but it routes all Conveyor authentication and API activity through Membrane rather than directly to Conveyor. That third-party credential/data mediation is disclosed and plausibly part of the product, so this is not confirmed malware; however, the proxy-based architecture, mutable CLI install, and doc-domain inconsistency make it higher trust-risk than a direct official API integration.