doppler

SUSPICIOUS: the skill’s stated purpose is Doppler integration, but its real footprint is a Membrane-mediated integration that installs and authenticates a separate platform, then routes Doppler operations and potentially sensitive secret data through that intermediary. The install source is a legitimate npm package, so this is not strong malware evidence, but the third-party credential/data path and broad action-generation model make the skill higher-risk than a direct Doppler skill.