eversign

SUSPICIOUS. The skill is broadly aligned with Eversign management and uses a legitimate npm-distributed CLI, so it is not overtly malicious. However, it routes authentication and API access through Membrane rather than directly to Eversign, expanding trust and data exposure to a third-party intermediary, and it enables consequential actions like email reminders and document deletion. Overall risk is medium due to proxy-based data flow and broad operational scope, not because of clear malware behavior.