unlaunch

SUSPICIOUS. The skill's purpose is plausible, but its actual footprint centers on Membrane as an intermediary for install, authentication, credential storage, and API execution rather than direct Unlaunch access. This is not confirmed malware and the install source is an official npm package, but the indirection, third-party credential mediation, and unpinned CLI execution create medium security risk.