gosquared
Warn
Audited by Socket on Apr 29, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI comes from an official npm package tied to the same product ecosystem. However, all GoSquared authentication and data access are routed through Membrane rather than directly to GoSquared, and the skill installs an unpinned third-party CLI that can create and run server-side actions. This is not clearly malicious, but it introduces meaningful trust and credential-forwarding risk beyond a simple direct API integration.
Confidence: 84%
Severity: 56%
Audit Metadata