repuso

SUSPICIOUS. The skill's core function is plausible and the CLI source appears legitimate, but the actual integration is not a direct Repuso connector: it requires installing Membrane tooling, authenticating to a Membrane account, and routing Repuso access through Membrane-controlled services. That mismatch makes the trust boundary materially broader than the skill title suggests. This is not confirmed malware, but it is a medium-risk third-party mediation pattern with unpinned CLI installation.