encore

SUSPICIOUS. The core behavior mostly matches a Membrane integration skill and uses an official npm package, but the skill contains a clear documentation mismatch and sends all auth/data operations through Membrane rather than direct Encore endpoints. This looks more like a third-party managed gateway than a native Encore integration; not confirmed malicious, but trust and data-flow concerns are material.