journeyfront

SUSPICIOUS: The skill is broadly aligned with its stated purpose, but it does not talk to Journeyfront directly; it routes authentication, action generation, and data access through Membrane as an intermediary. The install source is reasonably trustworthy (official npm package), so this is not strong malware evidence, but the third-party credential/data path and mutable `@latest` execution make the overall security risk medium.