logistia-route-planner

SUSPICIOUS. The skill's capabilities mostly match its stated purpose, and the install path appears to use an official npm-distributed CLI. However, the core integration routes authentication, credentials, and API traffic through Membrane rather than directly to Logistia, expanding trust to a third-party control plane. This is disclosed and plausibly legitimate, so it is not malicious, but the combination of unpinned CLI execution and proxy-mediated credential/data flow makes the skill medium risk.