carapi

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill’s stated purpose is CarAPI access, but its real footprint centers on Membrane as an intermediary for authentication, action discovery, and proxy requests. The npm install path is relatively legitimate, but the indirect credential and data flow through Membrane is disproportionate to a simple CarAPI integration and creates avoidable third-party exposure.

Confidence: 84%
Severity: 64%

Audit Metadata
Analyzed At: Apr 28, 2026, 11:52 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcarapi%2F@dfc0991056112e2d0c7299056e1a086b489d8db9
Security Audit — socket — carapi