taskade

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI comes from an official npm package with same-org branding. The main concern is data-flow integrity: Taskade authentication and API requests are mediated by Membrane rather than going directly to Taskade, creating third-party trust and visibility into user data; combined with an unpinned CLI install, this makes the skill medium risk but not clearly malicious.