squarespace

SUSPICIOUS: The skill's capabilities broadly match its Squarespace-management purpose, and the CLI comes from an official npm package tied to the publisher. The main concern is data-flow integrity: authentication and API traffic are routed through Membrane as a third-party intermediary instead of directly to Squarespace, plus the install/runtime path uses mutable latest versions. This is not confirmed malware, but it introduces medium security risk and a broader trust boundary than a direct official API integration.