meesho

SUSPICIOUS: The skill is largely coherent as a Membrane-based Meesho integration and uses an official npm-distributed CLI from the same publisher, so it does not look malicious. However, all authentication and API traffic are routed through Membrane instead of directly to official Meesho endpoints, and the generic connector/proxy model plus unpinned `@latest` CLI usage create meaningful trust and data-flow risk beyond a narrowly scoped Meesho skill.