drift

SUSPICIOUS: the skill’s purpose and capabilities are mostly coherent, and the install path is an official npm package rather than an unverifiable binary. The main risk is data-flow integrity: Drift authentication and API traffic are routed through Membrane as an intermediary, so credentials and business data are not kept solely between the agent and Drift. This looks like a legitimate integration pattern, not confirmed malware, but it carries medium risk due to third-party credential brokering, mutable CLI install, and the ability to make arbitrary proxied requests and modify live Drift records.