sellhack

SUSPICIOUS: the skill's purpose and capabilities mostly align, and its CLI install path is from an official registry rather than a raw download. The main concern is data-flow integrity: SellHack access and auth are mediated by Membrane, so sensitive business data and credentials are effectively entrusted to a third-party proxy service instead of going directly to SellHack. This is not clearly malicious, but it is a meaningful trust and credential-forwarding risk.