eyepopai

SUSPICIOUS: the skill is coherent as a Membrane-based integration, and the CLI source appears legitimate, but it routes EyePop authentication and API traffic through Membrane rather than directly to official EyePop endpoints. That intermediary data flow and unpinned CLI install create medium security risk, without clear evidence of malware.