dandelion

SUSPICIOUS: the skill's functionality is broadly consistent with a Dandelion integration, but it routes all access through Membrane rather than Dandelion's official API, creating an intermediary trust and data-flow boundary. The npm-based CLI install is more credible than a raw downloader, so this is not malicious, but the third-party mediation and unpinned global CLI keep the overall risk at medium.