getform

SUSPICIOUS: the skill’s basic purpose is coherent, and the CLI source appears to be first-party via npm, but the actual integration is mediated through Membrane rather than directly with Getform. That extra intermediary account, proxy path, and mutable CLI install make the skill medium risk despite no clear signs of malware or obfuscation.