pushover

SUSPICIOUS: The skill is coherent with its stated purpose, but it routes Pushover access through Membrane rather than the official API, creating a meaningful third-party trust and data-handling risk. Install provenance is moderately trustworthy via npm, and there is no clear malware or hidden payload behavior, but the intermediary credential/data flow makes this medium risk rather than benign.