railsr

SUSPICIOUS. The skill's capabilities broadly match its stated Railsr integration purpose, and the CLI comes from an official npm package tied to the publisher. The main concern is data-flow integrity: Railsr authentication and API traffic are mediated by Membrane's platform/proxy instead of going directly to Railsr, creating a third-party trust boundary. This looks like a legitimate integration pattern, not confirmed malware, but it carries medium risk due to intermediary credential and data handling plus unpinned CLI installation.