ezlynx

The skill is not overtly malicious, and its install path is reasonably legitimate via npm. The main risk is architectural: an Ezlynx skill routes authentication and data through Membrane’s third-party platform and remotely executed actions instead of official Ezlynx APIs, creating medium trust and data-handling risk.