noyo

SUSPICIOUS: the skill's purpose and capabilities mostly align, and the CLI comes from the expected vendor via npm, so this is not strongly indicative of malware. However, all Noyo access and auth are mediated through Membrane rather than direct official Noyo API flows, and the skill uses unpinned `@latest` CLI execution plus a broad proxy mechanism, creating meaningful third-party trust and data-flow risk.