mediatoolkit

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI comes from a documented same-org npm package, so this is not confirmed malware. The main risk is architectural: Mediatoolkit authentication and data are routed through Membrane’s CLI/service, creating third-party credential and data exposure, plus mutable `@latest` installs. Overall this is a medium-risk integration skill, not a malicious one.