docspring

SUSPICIOUS. The skill is coherent as a Membrane-hosted DocSpring integration and does not show overt malware patterns, but it routes DocSpring access and credential lifecycle through a third-party intermediary instead of the official service directly. The npm install path is legitimate yet unpinned, so overall risk is moderate due to intermediary trust and mutable CLI execution rather than clear malicious behavior.