google-maps

SUSPICIOUS. The skill’s purpose is coherent, and the CLI comes from an official npm package rather than an obviously malicious source, but the core integration routes Google Maps authentication and API activity through Membrane instead of Google directly. That third-party credential/data mediation, plus unpinned CLI installation, creates medium risk even without clear malware indicators.