survicate

SUSPICIOUS: the skill’s purpose is coherent, and the CLI appears to be an official Membrane tool from normal distribution channels, so this is not overt malware. However, it inserts Membrane as a third-party control plane for Survicate authentication and data access, stores local CLI credentials, and uses an unpinned global install, making the trust and data-flow footprint moderately risky for a simple SaaS integration.