crowdstrike

SUSPICIOUS: the skill's purpose and capabilities mostly align, and the CLI install path is verifiable via the publisher's npm scope. The main concern is architectural: CrowdStrike authentication and data access are mediated by Membrane rather than direct official CrowdStrike APIs, creating third-party credential/data handling and dynamic server-side action generation. This is not clearly malicious, but it is a medium-risk intermediary trust model.