lightstep

SUSPICIOUS: the skill is broadly aligned with Lightstep integration, and the install source is legitimate, but its actual data flow depends on Membrane as an intermediary for authentication, credential storage/refresh, and proxied API access instead of direct Lightstep APIs. This is not confirmed malware, but it materially increases trust and data-flow risk beyond a normal direct-service integration.