piloterr

SUSPICIOUS. The install source is relatively trustworthy because it uses Membrane's official npm CLI, but the skill is not fully cleanly aligned: it misdescribes Piloterr's product, adds an extra Membrane-account dependency, and routes all API activity through Membrane rather than directly to Piloterr's official API flow. This looks more like a third-party gateway integration than a native Piloterr skill. No confirmed malware or credential theft pattern is present, but the proxy-centric data flow and purpose mismatch make it suspicious rather than benign.