strapi

SUSPICIOUS: The skill is broadly coherent for Strapi integration and uses an official npm-distributed CLI, so it does not look outright malicious. The main concern is data-flow integrity: all Strapi access and credential handling are funneled through Membrane's intermediary service rather than directly to Strapi, which is a meaningful third-party trust and exposure risk.