streak

SUSPICIOUS: The skill is coherent with its stated purpose and uses a real first-party CLI from npm, so it is not indicative of malware. However, all Streak authentication and API traffic are routed through Membrane, a third-party intermediary, and the skill exposes broad action/proxy capability; this is a meaningful but proportional security risk for a Membrane-based integration.