shuttle

SUSPICIOUS: the skill is coherent as a Membrane-based Shuttle integration, but its real footprint is a third-party gateway pattern. Install path is relatively normal npm supply chain, not malware-like, yet Shuttle data and auth are mediated through Membrane rather than direct Shuttle APIs, which raises medium security risk and trust-boundary concerns.