simplekpi
Warn
Audited by Socket on Apr 28, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill is internally coherent as a Membrane-based SimpleKPI integration, and its CLI source appears vendor-consistent and npm-hosted. The main concern is data-flow integrity and credential forwarding: all auth and API access are routed through Membrane instead of directly to SimpleKPI, expanding trust to a third-party intermediary. This is disclosed rather than covert, so it does not look malicious, but it carries medium security risk.
Confidence: 87%
Severity: 62%
Audit Metadata