referralrock

SUSPICIOUS: the skill's capabilities fit its purpose, and the CLI install source appears legitimate, but all ReferralRock access and authentication are mediated by Membrane rather than the official service directly. This creates a moderate third-party trust and data-routing risk, especially via the generic proxy feature, without clear evidence of malware or hidden exfiltration.