uberduck

SUSPICIOUS: the skill's purpose broadly matches Uberduck integration, and the Membrane CLI install path appears same-org and officially documented, so this is not confirmed malware. However, the skill routes all authentication and API interaction through Membrane rather than Uberduck directly, creating intermediary data-flow and credential-forwarding risk that is higher than a normal direct API integration.