jellyreach

SUSPICIOUS. The skill's capabilities mostly match its stated Jellyreach-management purpose, and the Membrane CLI install path appears same-vendor and officially documented. The main concern is data-flow integrity: instead of talking directly to Jellyreach's official API, the skill routes authentication and action execution through Membrane as an intermediary, concentrating trust and exposing Jellyreach data/credentials to a third-party platform. This is disclosed rather than hidden, so it is not confirmed malicious, but it is a meaningful security and trust expansion beyond a direct integration.