mboum

SUSPICIOUS: the skill’s capabilities broadly match an Mboum integration, but it routes authentication and operations through Membrane rather than directly to Mboum, while the target app’s purpose is described as unknown. The npm-installed CLI appears officially documented, so this is not confirmed malware, but the third-party mediation, broad action execution, and unpinned CLI make the skill medium risk.