visitor-queue

SUSPICIOUS: The skill is coherent for a Membrane-published integration and uses an official npm-distributed CLI, so it does not look like confirmed malware. However, its real footprint is broader than a direct Visitor Queue integration because all auth and action traffic is mediated through Membrane, creating meaningful third-party data-flow and trust concerns; combined with mutable `@latest` installs, this makes it medium risk rather than benign.