aftership

SUSPICIOUS: the skill is coherent as a Membrane-powered AfterShip connector, and its install source is reasonably trustworthy, but it routes authentication and API activity through Membrane instead of direct AfterShip endpoints. That third-party mediation is disclosed, so this is not confirmed malware, but it creates medium security and data-flow risk relative to a direct AfterShip integration.