yuja

SUSPICIOUS. The skill’s purpose and capabilities mostly align: it is a YuJa integration guide built around Membrane’s documented CLI and connection model. The main concerns are trust and data-flow related, not clear malware: users must install a third-party CLI, use an unpinned latest version, and route YuJa authentication/data through Membrane rather than directly to YuJa. This is disclosed and plausibly legitimate, but it meaningfully expands credential custody and service trust beyond the named SaaS.