sterlingbackcheck

SUSPICIOUS: the skill is broadly coherent with its stated purpose, but it inserts Membrane as an intermediary for authentication and API access to SterlingBackcheck, so sensitive data and auth flow through a third-party platform rather than directly to Sterling. Install trust is moderate, not extreme, because the CLI comes from npm and appears official, but `@latest`/`npx` make execution mutable.