mem-index

SUSPICIOUS: The skill's stated function is simple and proportionate, but its only action is to execute an unpinned `npx` package whose provenance could not be verified from the provided evidence. This is mainly a supply-chain trust issue rather than clear malicious behavior or credential harvesting.