ip2location

SUSPICIOUS: The skill's stated purpose matches its capabilities, and the CLI comes from an official npm package, so this is not malware-like. However, it routes all IP2Location access through Membrane as a credentialed intermediary instead of the official IP2Location API, which creates medium data-flow and trust risk, amplified by mutable @latest installs.