seam

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses a same-project npm CLI rather than an unknown installer, so this is not strong evidence of malware. However, all Seam access and auth are funneled through Membrane's third-party proxy/service instead of directly to official Seam endpoints, creating a meaningful data-flow and credential-forwarding trust risk; combined with an unpinned global CLI install, this makes the skill medium risk rather than benign.