zype

SUSPICIOUS: the skill's stated purpose is Zype integration, but its actual operation depends on a third-party Membrane CLI and proxy that handles authentication and relays API traffic. The install source is relatively trustworthy (official npm package), so this is not strong malware evidence, but the data flow is not direct to Zype and credentials/trust are delegated to an intermediary service, making the footprint broader than a typical single-service integration skill.