kickserv

SUSPICIOUS: The skill is broadly coherent for a Kickserv integration, and its CLI install path appears official via npm. However, it routes authentication and data access through Membrane rather than directly to Kickserv, adding a third-party trust boundary and credential/data intermediary that is significant for an agent skill. This is not clearly malicious, but the proxy-style architecture and unpinned CLI install make it higher risk than a direct official API integration.