jobscore

SUSPICIOUS. The skill’s capabilities broadly match its stated JobScore integration purpose, and the CLI comes from an official npm package tied to the same vendor. However, it routes authentication and API traffic through Membrane rather than directly to JobScore, creating third-party credential/data exposure, and the incorrect official-docs link undermines confidence. This is not confirmed malware, but it carries medium security risk due to intermediary data flow and mutable CLI installation.