swagup

SUSPICIOUS: The skill's purpose and capabilities mostly align, but it depends on a third-party intermediary model: install Membrane CLI, authenticate to Membrane, and route SwagUp actions through Membrane rather than directly to SwagUp. The install source appears official and same-vendor, so this is not strong evidence of malware, but the intermediary data flow, local credential storage, and unpinned CLI install make the skill higher-trust and broader in scope than a direct SwagUp integration.