snapshot

SUSPICIOUS. The skill is not overtly malicious and uses an official npm-distributed CLI from the same vendor, but its actual footprint is a Membrane-platform integration rather than a direct SnapShot/SnapKit integration. The main concern is third-party mediation of credentials and app data through Membrane, plus a mutable global CLI install and some product-identity ambiguity.