debugbear

SUSPICIOUS. The skill's purpose generally matches its capabilities, and the CLI source appears to be the publisher's official npm package, so this is not strong evidence of malware. However, the skill routes DebugBear authentication and API traffic through Membrane rather than DebugBear's direct official API path, creating meaningful credential-forwarding and intermediary data-flow risk. Overall this is a coherent integration skill with medium security risk due to third-party mediation and mutable CLI installs, not a clearly malicious one.