kingsumo

SUSPICIOUS: The skill is broadly consistent with its stated purpose as a Membrane-based KingSumo integration, and the CLI install source appears official and verifiable. The main risk is architectural: authentication, credentials, and KingSumo data are routed through Membrane as an intermediary rather than directly to KingSumo, plus the CLI is installed via unpinned `@latest`. This is not strong evidence of malware, but it is a moderate-trust integration pattern with third-party credential/data handling.