twingate

SUSPICIOUS. The skill is internally coherent as a Membrane-based Twingate integration, and its CLI install path is legitimate. The main risk is architectural: all Twingate access and auth are routed through Membrane rather than Twingate's official API, creating third-party credential/data exposure that is broader than a direct Twingate integration. Not confirmed malware, but medium risk due to credential forwarding and intermediary data flow.