spinupwp

SUSPICIOUS: The skill’s core purpose is coherent, and the CLI install path is from an official npm package, so this does not look like outright malware. However, the skill is not a direct SpinupWP integration: it requires a separate Membrane account and routes auth, actions, and proxy API traffic through Membrane infrastructure instead of SpinupWP’s official API, creating meaningful third-party credential and data-flow risk.