github-actions

SUSPICIOUS. The skill is internally coherent as a Membrane-based GitHub Actions integration, and its install path uses an official npm package rather than a suspicious downloader. However, it relies on a third-party intermediary for authentication and API access, and its remote `action create`/`action run` model expands scope beyond a simple direct GitHub integration. This is not confirmed malware, but it carries medium risk from intermediary credential handling, mutable CLI installation, and broad remote-action capability.