hydrogen

SUSPICIOUS: the install path is relatively normal and uses an official npm package, but the skill is internally inconsistent about what 'Hydrogen' is, and it routes auth and data through Membrane rather than directly to the official service. The main risk is misleading purpose and third-party credential/data mediation, not confirmed malware.