invision-community

SUSPICIOUS: the skill is broadly aligned with its stated purpose, and the CLI install path is same-vendor and registry-based, so this is not strong evidence of malware. However, the actual integration is mediated through Membrane’s hosted auth and proxy layer rather than direct Invision Community APIs, which introduces meaningful third-party credential and data-flow risk plus mutable `@latest` supply-chain exposure.