zephyr-scale

SUSPICIOUS: the skill’s functionality broadly matches its Zephyr Scale purpose, and the CLI install path is from an official registry, so this is not clearly malicious. However, it routes authentication, data access, and action generation through Membrane rather than directly to SmartBear, creating a meaningful third-party trust and credential-forwarding risk with mutable CLI installation and server-side action building.