archbee

SUSPICIOUS. The skill is coherent with its stated Archbee integration purpose and uses an official npm-distributed Membrane CLI, so there is no strong evidence of malware. However, it centralizes authentication and API traffic through Membrane rather than using Archbee directly, creating meaningful third-party credential-forwarding and data-routing risk; combined with unpinned `@latest` installs, this makes the skill medium risk rather than benign.