cursor

SUSPICIOUS. The skill is coherent with its stated purpose and uses an official npm package, so it does not look outright malicious. However, it centralizes authentication and API traffic through Membrane as an intermediary instead of direct Cursor endpoints, creating moderate third-party trust, credential-forwarding, and data-flow risk disproportionate to a simple Cursor integration.