signiflow
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s purpose and capabilities are broadly consistent, and the CLI comes from an official npm package linked to the publisher. The main concern is data-flow integrity: SigniFlow access and credentials are mediated through Membrane rather than direct official SigniFlow APIs, creating a third-party trust dependency. This looks like a legitimate integration pattern, not confirmed malware, but it carries medium security risk due to credential forwarding and intermediary routing.
Confidence: 87%
Severity: 56%
Audit Metadata