replicate

SUSPICIOUS: The skill's core purpose is coherent, and the Membrane CLI appears to be an official npm-distributed tool from the same ecosystem. However, the skill presents itself as a Replicate integration while routing all authentication and API traffic through Membrane, a third-party intermediary that stores and refreshes credentials server-side. That data-flow indirection, plus unpinned CLI execution via `@latest`/`npx`, creates medium risk even without clear malicious intent.