detectify

SUSPICIOUS. The skill’s purpose broadly matches its capabilities, but it introduces a third-party control plane (Membrane) between the agent and Detectify, so data and delegated auth flow to an intermediary rather than directly to Detectify. The install path is official npm and not overtly malicious, but the unpinned global CLI install and dynamic action generation add moderate supply-chain and control-scope risk.