stack-ai

SUSPICIOUS. The skill’s capabilities generally match its stated purpose, and the CLI comes from an official npm package with documentation support. However, all Stack AI auth and action traffic is mediated through Membrane rather than direct Stack AI APIs, creating meaningful third-party credential and data-flow risk; combined with unpinned `@latest` installs, this makes the skill medium risk rather than benign.