scrivito

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the CLI install path appears official. However, it routes Scrivito authentication and API traffic through Membrane as a third-party intermediary instead of direct official Scrivito APIs, which creates meaningful trust and data-flow risk even without clear malicious intent.