unbox

SUSPICIOUS: the skill's core function is coherent, and the CLI provenance is plausibly first-party via npm, but all Unbox access and credentials are mediated through Membrane rather than direct official Unbox endpoints. That third-party credential/data routing, combined with mutable @latest installs and the incorrect ARKit docs link, makes the skill higher-risk than a normal direct SaaS integration, though not malicious on the available evidence.