rapid7-insight-platform

SUSPICIOUS. The skill is purpose-aligned and uses an official npm package tied to the same publisher, so it does not look malicious. However, it routes authentication and Rapid7 API traffic through Membrane instead of directly to Rapid7, creating meaningful third-party credential and data-flow risk; combined with mutable @latest installs, this makes it medium-risk rather than benign.