clearout

SUSPICIOUS: the skill is internally coherent as a Membrane-based Clearout integration, but it introduces a significant third-party mediation layer where Clearout auth and data flow through Membrane instead of directly to Clearout. Install provenance is reasonably legitimate via npm, so this is not confirmed malware; the main concerns are intermediary data flow and trust in a globally installed, unpinned CLI.