firebase-admin-sdk

SUSPICIOUS. The skill is internally coherent as a Membrane-based Firebase admin integration, and its CLI comes from an official registry with same-publisher evidence, so it is not confirmed malicious. However, it materially shifts authentication, data access, and Firebase admin operations through a third-party platform instead of official Google/Firebase tooling, and it uses an unpinned global CLI install. That makes the overall risk medium and the trust boundary broader than the skill name alone suggests.