snyk

SUSPICIOUS. The skill’s purpose is coherent, but it routes authentication and Snyk data through Membrane as an intermediary rather than using Snyk directly. The CLI source appears legitimate and same-vendor via npm, so this is not confirmed malware; the main concern is third-party credential and data mediation plus an unpinned global CLI install.