ihomefinder

SUSPICIOUS: the skill’s purpose broadly matches its capabilities, and the CLI source appears legitimate, but it routes authentication and app data through Membrane as a managed intermediary instead of direct official API calls. That expanded trust boundary, mutable `@latest` install, and doc mismatch around IHomefinder vs IDX Broker make this higher risk than a direct official integration, though not malicious on its face.