devrev

SUSPICIOUS: The skill’s capabilities broadly match its stated DevRev integration purpose, and its CLI install path is official and publisher-aligned. However, it routes authentication and DevRev operations through Membrane rather than directly to DevRev, creating a third-party credential and data handling layer with real-world write capabilities. This is not confirmed malware, but it carries medium security risk due to credential forwarding, intermediary data flow, and unpinned CLI installation.