readme-com

SUSPICIOUS: the skill's purpose broadly matches Readme.com management, and the install path is relatively legitimate, but the actual trust boundary is Membrane, not Readme.com. The main risk is third-party mediation of credentials and data plus unpinned CLI installation, making this more than a simple direct-service integration.