pixiebrix

SUSPICIOUS: the skill is internally coherent as a Membrane-based PixieBrix integration, and its install path is official npm rather than a rogue downloader. However, it routes authentication and data through Membrane instead of PixieBrix's official API, creating a third-party credential and data intermediary that is broader than many users may expect; combined with unpinned `@latest` execution, this makes the skill medium risk rather than benign.