graphlinq

SUSPICIOUS. The skill is broadly coherent and uses an official npm-published Membrane CLI, so it does not look overtly malicious. However, it routes GraphLinq access and authentication through Membrane, uses mutable installs, and grants broad action/proxy capability that could trigger real blockchain-related operations without strong per-action guardrails.