kamonio

SUSPICIOUS: the skill is coherent with Membrane's product model, and the CLI install source is reasonably legitimate, but the actual Kamon integration is mediated through Membrane for auth, actions, and proxy requests rather than using official Kamon endpoints directly. That creates a meaningful third-party credential/data-flow risk and mutable install risk, though not enough evidence for malicious intent.