statuscake

SUSPICIOUS: the skill's purpose matches StatusCake management, and the install source is an official npm package tied to the publisher ecosystem, so this is not clearly malicious. However, it routes authentication and API operations through Membrane as an intermediary rather than directly to StatusCake, and it installs an unpinned external CLI that handles credentials, creating medium trust and data-flow risk.