four-js-development-tools

SUSPICIOUS: The skill's stated purpose broadly matches its behavior, and the install path uses an official npm package rather than an unverifiable binary. However, it requires users to trust Membrane as a credentialed intermediary for Four J's access, routes requests through Membrane's proxy instead of direct official endpoints, and uses unpinned latest CLI execution. This is not confirmed malicious, but it carries medium security risk due to third-party credential/data mediation and supply-chain hygiene.