stannp

SUSPICIOUS. The skill is broadly consistent with a Membrane-hosted Stannp integration and uses an official same-org npm CLI, so there is no strong evidence of malware. However, it shifts trust and data flow from direct Stannp APIs to Membrane-managed services, and the install/execution path is unpinned (`@latest`, `npx`). That makes this a medium-risk third-party gateway skill rather than a simple direct Stannp integration.