overledger

SUSPICIOUS: the skill is not overtly malicious and uses a plausibly official CLI from npm, but its real footprint is broader than an Overledger integration. The main concern is data-flow integrity: users are told they are using Overledger, while auth, action discovery, and execution are mediated by Membrane as a third-party platform, with unpinned CLI execution increasing trust risk.