percy

SUSPICIOUS. The skill's purpose and capabilities are mostly coherent, and the CLI source appears to be the publisher's official npm package. However, all Percy access and credentials flow through Membrane as an intermediary, so users must trust a third-party platform with authentication and API traffic; combined with unpinned @latest CLI execution, this creates medium security risk without clear evidence of malware.