eploy

SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses an official same-vendor CLI from npm, so there is no strong sign of malware. The main risk is architectural: Eploy authentication and API traffic are routed through Membrane, a third-party intermediary that stores and refreshes credentials, and the skill allows broad action execution plus proxy requests. This is proportionate for an integration platform but higher trust/risk than a direct Eploy-only client.