kandy

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill is internally coherent for a Membrane-published Kandy integration, and the CLI install path is relatively trustworthy. However, all Kandy credentials and data are routed through Membrane's intermediary platform instead of official Kandy APIs, creating meaningful third-party credential and data-flow risk; combined with unpinned CLI installation and dynamic action creation, this makes the skill medium risk rather than benign.

Confidence: 87%
Severity: 62%

Audit Metadata

Analyzed At: Apr 30, 2026, 11:37 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fkandy%2F@ce805d251c856e8f7829ab657e1219764dfaed94

Security Audit — socket — kandy