gift-up

SUSPICIOUS: the skill’s purpose and capabilities are mostly aligned, and the CLI install source appears official, but all Gift Up! access is mediated by Membrane rather than direct official API use. That third-party credential/data routing is a meaningful trust and privacy risk, though not clearly malicious or disproportionate to the stated integration purpose.