emplifi

SUSPICIOUS: the skill's purpose is coherent, and the CLI comes from an official registry tied to the stated publisher, but all Emplifi authentication and API traffic are funneled through Membrane rather than directly to Emplifi. That third-party mediation is disclosed and plausibly integral to the product, so this is not confirmed malicious, but it creates medium security risk through credential forwarding, proxying, and unpinned CLI execution.