deepl

SUSPICIOUS. The skill’s DeepL capabilities are mostly aligned with its stated purpose, and the CLI install path is official npm-based rather than an overt malware pattern. However, the core data flow is not direct DeepL integration: authentication, credentials, and user content are routed through Membrane’s third-party service, which is a meaningful trust expansion beyond a normal direct API skill. Combined with unpinned `@latest` install and remote action generation, this is better classified as suspicious than benign, though not malicious.