whosonlocation

SUSPICIOUS: the skill is coherent for a WhosOnLocation integration and uses an official npm-distributed CLI, but it routes authentication and API traffic through Membrane instead of directly to WhosOnLocation. That third-party credential/data mediation is disclosed and plausibly part of the product, so this is not confirmed malware, but it creates meaningful data-flow and trust risk beyond a direct official API integration.