ipbase

SUSPICIOUS: the skill's overall purpose is coherent, and the install source is an official npm package rather than a covert payload. However, it routes Ipbase access, auth, and action execution through Membrane as an intermediary, expanding trust and weakening direct data-flow integrity; combined with an unpinned global CLI install, this makes it medium risk rather than benign.