wb

SUSPICIOUS: the skill’s core behavior is coherent with its stated purpose, but it shifts W&B access, authentication, and action execution to Membrane as an intermediary. Install trust is moderate rather than severe because the CLI comes from npm and appears vendor-related, but the third-party mediation, mutable `@latest` installs, and credential/data routing through Membrane make this riskier than a direct W&B integration.