shipworks

SUSPICIOUS: The skill is broadly aligned with its stated ShipWorks integration purpose and uses an official-looking same-vendor CLI from npm, so it is not overtly malicious. The main concern is data-flow integrity: all authentication and API activity is routed through Membrane as a third-party intermediary, with mutable `@latest` installation and support for broad action execution/proxy requests that can have real operational effects.