textgain

SUSPICIOUS. The skill is mostly coherent for a Membrane-based Textgain integration and uses an official npm package rather than a suspicious installer, but it routes all authentication and API activity through Membrane instead of Textgain’s official API directly. That intermediary credential/data flow is the main risk; install trust is moderate due to unpinned `@latest`, but there is no strong evidence of malware or deceptive exfiltration.