smoove

SUSPICIOUS: the skill is coherent as a Membrane-based Smoove connector, and the CLI source appears official, but it routes authentication and Smoove data through Membrane rather than the official Smoove API directly. The main risks are third-party credential custody and intermediary data flow, plus unpinned `@latest` CLI execution; this is not confirmed malware.