qualaroo

SUSPICIOUS: the skill's stated Qualaroo purpose is plausible, and the CLI install source appears legitimate, but the actual integration routes authentication and API traffic through Membrane as a third-party intermediary rather than directly to Qualaroo. This creates medium-high security risk from credential delegation, proxy access, and mutable CLI installs, though there is no clear evidence of malware or obfuscation.