mux

SUSPICIOUS. The skill's purpose mostly matches its capabilities, and the CLI comes from npm rather than an obviously rogue source, but the actual data flow is through Membrane as a third-party proxy and credential manager rather than directly to Mux. That makes the footprint broader than a straightforward Mux integration and creates medium security risk from credential forwarding, intermediary access to Mux data, and unpinned CLI execution.