reclaim

SUSPICIOUS. The skill is broadly aligned with its stated Reclaim integration purpose and uses an official-looking npm-distributed Membrane CLI, so it is not fundamentally malicious. However, it routes all Reclaim access through Membrane as an intermediary, relies on mutable `@latest` CLI execution, and enables remote action creation/execution, which creates meaningful supply-chain and data-flow trust risk.