nlp-cloud

SUSPICIOUS: The skill is coherent as a Membrane-based integration guide, and its CLI comes from an official npm package rather than an unverifiable binary. However, its actual footprint routes authentication, action execution, and potentially sensitive NLP Cloud data through Membrane instead of NLP Cloud’s official direct API, while using unpinned `@latest` installs and remote platform-defined actions. This is not confirmed malware, but it introduces medium security risk due to intermediary data flow and expanded trust in third-party infrastructure.