groovehq

SUSPICIOUS. The skill’s business purpose is coherent, and the install path is relatively normal, but the actual integration is mediated by Membrane rather than direct GrooveHQ API use. That third-party proxy/credential handling expands trust and data exposure beyond what a narrow GrooveHQ skill strictly needs, making this a medium-risk skill rather than clearly benign.