m3ter

SUSPICIOUS: The skill's purpose and commands are internally coherent, and the CLI appears to be an official same-org npm package. The main concern is data-flow integrity: M3ter access and credential lifecycle are routed through Membrane rather than directly to official M3ter APIs, creating a third-party trust boundary. Supply-chain risk is moderate due to mutable `@latest`/`npx` execution, but there is not enough evidence of malware or deceptive behavior.