usersketch

SUSPICIOUS: The skill is mostly coherent as a Membrane-hosted integration and uses a legitimate same-org npm CLI, so there is no strong evidence of malware. However, it routes all app interaction through Membrane instead of official service APIs, installs an unpinned global CLI, and has a notable documentation/purpose mismatch between UserSketch and Sketch that makes the integration boundaries unclear.