ubiq-security

SUSPICIOUS: The skill is broadly coherent with its stated purpose, and the install path is an official npm package rather than a raw download-execute chain. However, all Ubiq interaction is funneled through Membrane’s managed connection and action system, so credentials and data are delegated to a third-party intermediary instead of the official service directly. That makes this a medium-risk trust and data-flow concern, not confirmed malware.