commandbar

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is broadly coherent with its stated purpose and uses an official npm package from the same publisher ecosystem, so there is no strong evidence of malware. However, it routes CommandBar access through Membrane as a third-party intermediary, uses mutable `@latest` installs, and enables authenticated remote actions through a proxy, which raises medium security risk even though the overall footprint appears purpose-aligned.

Confidence: 86%
Severity: 52%
Audit Metadata
Analyzed At: Apr 29, 2026, 08:43 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fcommandbar%2F@0a82f43b190769706465d312fe66e32e73fb5c3a