decentro

SUSPICIOUS: the skill’s capabilities mostly match its stated Decentro-integration purpose, and installation is through an official npm package rather than a raw downloader. However, all authentication and API traffic are funneled through Membrane as an intermediary, creating third-party credential handling and proxying risk, and the skill supports potentially high-impact financial actions without explicit approval guardrails.