smartbear

SUSPICIOUS. The skill is coherent with its SmartBear-management purpose and uses an official npm-distributed Membrane CLI, so this is not confirmed malware. However, it routes all SmartBear authentication and data access through Membrane as an intermediary instead of direct official SmartBear APIs, creating meaningful third-party credential and data-flow trust concerns; combined with mutable `@latest` installs, this yields medium security risk.