grab-your-reviews

SUSPICIOUS. The skill’s general purpose is coherent, and the CLI install path is from an official registry, but the data flow is brokered through Membrane as a third-party intermediary rather than a clearly matched Grab Your Reviews API, and the cited official docs appear inconsistent with the product. This is not confirmed malware, but it carries meaningful trust and data-routing risk, plus moderate risk from enabling outbound invitations.