stackhawk

SUSPICIOUS. The skill's general purpose matches its capabilities, and the CLI source appears legitimate, but the integration is not a direct StackHawk client: it requires a separate Membrane account and routes requests/auth through Membrane's proxy layer. That third-party mediation is a meaningful trust and data-flow expansion, making this more risky than a standard direct API integration, though not clearly malicious.