posthog

SUSPICIOUS: the skill's capabilities match its PostHog integration purpose, and the CLI install path appears to be the vendor's official npm distribution. The main concern is data-flow integrity and scope expansion: PostHog access is not direct but routed through Membrane's CLI and backend, creating a third-party intermediary for authentication and analytics data. That is proportionate to the stated Membrane-based design, but it raises medium security risk versus a direct PostHog integration.