scaleway

SUSPICIOUS. The skill is internally coherent and uses an official Membrane CLI from npm, so it does not look malicious. However, its actual integration pattern routes Scaleway authentication and API traffic through Membrane as an intermediary, which is broader than a direct service-specific skill and creates moderate credential/data-flow risk; combined with unpinned installs, this makes it suspicious rather than benign.