securitytrails

SUSPICIOUS. The skill’s purpose is coherent, and the CLI appears to be an official Membrane npm package, so this is not confirmed malware. However, it materially expands trust by routing SecurityTrails authentication and API traffic through Membrane rather than using SecurityTrails’ official direct API flow, and it relies on an unpinned external CLI. That makes the skill medium risk with notable credential/data-flow concerns.