1kosmos-blockid

SUSPICIOUS. The skill is internally coherent as a Membrane-based 1Kosmos integration guide, and its install path uses an official npm package rather than a raw downloader. However, it routes authentication and API traffic through Membrane instead of directly to 1Kosmos, creating a moderate third-party credential/data mediation risk; the unpinned `@latest` CLI install adds minor supply-chain risk.