flyio

SUSPICIOUS: the skill's purpose is coherent and the CLI install path looks official, but the integration is fundamentally mediated by Membrane rather than Fly.io. That means Fly.io auth and organization data flow through a third-party service, and the skill enables impactful infrastructure actions without built-in approval controls. This is not confirmed malware, but it carries meaningful trust and credential-forwarding risk.