mparticle

SUSPICIOUS: The skill's purpose and commands are mostly coherent, and the CLI comes from the official npm registry, so this is not overtly malicious. However, it routes MParticle authentication and data through Membrane as a third-party intermediary instead of the official MParticle API, creating meaningful credential and data-flow trust concerns; combined with the mutable @latest install, this makes the skill medium risk rather than benign.