firecrawl

SUSPICIOUS: the skill's purpose is coherent, but it routes all Firecrawl access and authentication through Membrane instead of Firecrawl's official direct API path. The npm-installed CLI appears same-vendor and not overtly malicious, so this is not confirmed malware; the main risk is third-party credential/data brokerage plus an unpinned global CLI install.