realm

SUSPICIOUS: The skill is mostly coherent for a Membrane-based Realm integration and uses an official npm package rather than a random installer, but it proxies authentication and API traffic through Membrane instead of using Realm APIs directly. That intermediary data flow and mutable `@latest` CLI execution create medium risk even without clear malicious behavior.