cometly

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI comes from an official registry, but all authentication and API traffic are funneled through Membrane instead of directly to Cometly. That third-party credential/data mediation is disclosed and plausibly integral to the product, so this is not malicious, but it creates medium security risk and elevated trust requirements.