dopesecurity

SUSPICIOUS. The skill is broadly coherent as a Membrane-based Dope.security integration, and the install path uses an official npm package rather than an unverifiable binary. The main concern is data-flow integrity: all authentication and action execution are routed through Membrane as a third-party intermediary instead of Dope.security's direct API, which expands trust and creates credential/data exposure potential beyond the stated vendor integration. This is not confirmed malware, but it is a medium-risk intermediary integration pattern with mutable CLI install instructions.