productiveio

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI comes from an official registry, but Productive authentication and data are intentionally mediated through Membrane’s third-party hosted platform rather than Productive’s official API directly. This is not clearly malicious, but it introduces medium trust and data-flow risk, especially with server-side credential custody and unpinned CLI installation.