cyberimpact

SUSPICIOUS: the skill's functional scope matches Cyberimpact management, and the CLI install source appears publisher-consistent via npm, so this is not overt malware. However, all authentication and data access are funneled through Membrane rather than directly to Cyberimpact's official API, creating a third-party credential and data mediation risk that is higher than a normal direct integration.