tenderly

SUSPICIOUS: The skill's purpose is coherent, but it relies on a third-party intermediary (Membrane) to authenticate to and access Tenderly rather than using Tenderly's official API directly. The npm-installed CLI appears plausibly official and not an unverifiable binary, so this is not confirmed malware; however, the mediated credential/data flow and unpinned `@latest` install make it a medium-risk skill.