tomtom

SUSPICIOUS: the skill's core purpose is TomTom integration, but it requires a separate Membrane account and routes authentication and API traffic through Membrane infrastructure rather than directly to TomTom. The installer appears same-publisher and official via npm, so this is not strong malware evidence, but the intermediary credential/data flow makes the skill higher-risk than a direct TomTom client.