hyscoreio

SUSPICIOUS: the skill’s purpose is coherent, and the CLI comes from an official registry tied to the publisher, so this is not overt malware. However, all Hyscore authentication and data access are mediated through Membrane, creating an intermediary credential and data flow that is broader than a direct Hyscore integration; combined with unpinned CLI execution, this makes the skill medium risk.