imgix

SUSPICIOUS. The skill's purpose and core capabilities are mostly coherent, and the CLI comes from an official npm package, so this does not look like overt malware. However, the integration is built around Membrane as a third-party intermediary for authentication, credential refresh, and API proxying rather than direct Imgix access, which materially increases trust and data-flow risk beyond a simple Imgix skill.