claid-ai

SUSPICIOUS: the skill’s capabilities mostly match its stated purpose, and the CLI install path appears to be official npm-backed tooling from the same vendor ecosystem. The main concern is data-flow integrity and credential scope: access to Claid is mediated through Membrane rather than direct official Claid APIs, so credentials and user data are entrusted to a third-party platform. This is not clearly malicious, but it is a meaningful trust expansion combined with unpinned `@latest` CLI execution.