totalexpert

SUSPICIOUS. The skill's purpose and capabilities are mostly aligned, and its CLI install path appears to be official and same-vendor. The main concern is architectural: all Total Expert access and auth are mediated through Membrane, creating third-party credential/data routing plus broad action execution; combined with unpinned @latest installs, this makes the skill medium risk rather than benign.