abstract

SUSPICIOUS: The skill's purpose and capabilities mostly align for an Abstract integration, and the CLI comes from an official npm package rather than an obviously rogue installer. The main concern is data-flow integrity: all authentication and API operations are routed through Membrane as an intermediary instead of directly to Abstract, so users must trust a third-party platform and CLI with account access and data handling. This is not clearly malicious, but it is broader and riskier than a direct API integration.