unifiedto

SUSPICIOUS: the skill is internally coherent as a Membrane-based integration guide, and the CLI comes from the official npm registry, so this is not confirmed malicious. However, the stated purpose is Unified.to interaction while the actual data and auth path are routed through Membrane as an intermediary service, and the mutable `@latest` CLI install plus third-party credential/data handling make the overall risk medium.