writer

SUSPICIOUS. The skill’s capabilities broadly match its stated purpose, and the CLI appears to come from the same Membrane publisher via npm. The main concern is data-flow and credential centralization: Writer access is mediated through Membrane, so tokens and content are entrusted to a third-party integration layer rather than Writer directly. This is not clear malware, but it is a medium-risk external-platform dependency with unpinned CLI installation and delegated credential handling.