nessus

SUSPICIOUS: the skill's high-level purpose is coherent, and the install source is an official npm package from the same publisher, so this is not strong evidence of malware. However, all Nessus access and authentication are routed through Membrane, a third-party intermediary, and the skill encourages unpinned CLI execution plus broad proxying of API requests; that makes the data flow and trust model broader than a direct Nessus integration and raises medium security risk.