semaphore

SUSPICIOUS: the skill’s purpose is coherent, and its CLI install path is official and proportionate, but it is not a direct Semaphore integration. It routes authentication and data access through Membrane’s intermediary platform, so users must trust a third-party service to hold and use Semaphore credentials. This is disclosed rather than hidden, making it more of a medium-risk trust-boundary and credential-forwarding concern than clear malware.