usercom

SUSPICIOUS: the skill’s purpose and capabilities are mostly aligned, and the CLI comes from an official same-vendor npm package, so this is not overt malware. However, the core integration routes User.com authentication and data operations through Membrane as a third-party intermediary instead of direct official User.com APIs, which creates a meaningful data-flow and trust-boundary concern; combined with unpinned CLI execution, this makes the skill medium risk rather than benign.