beeswax

SUSPICIOUS. The skill’s capabilities generally match its Beeswax-management purpose and the CLI comes from an official npm package, so this is not overtly malicious. The main concern is data-flow integrity: all authentication and API traffic are funneled through Membrane as an intermediary, with server-side credential handling and proxy requests, which is a meaningful trust expansion beyond direct Beeswax access. Overall this looks coherent but medium risk due to third-party credential delegation, proxying, mutable CLI install, and support for state-changing actions.