userlist

SUSPICIOUS. The skill’s capabilities broadly match its purpose, and the CLI source appears official, so this is not overtly malicious. However, it introduces a third-party control plane: Userlist authentication and data access are routed through Membrane rather than direct official Userlist APIs, and the CLI install is unpinned (`@latest`). That makes the skill medium-risk from a data-flow and supply-chain perspective, even though the behavior is disclosed and proportionate.