beacon

SUSPICIOUS. The core behavior is mostly coherent for a Membrane-hosted Beacon integration, and the CLI comes from an official npm scope tied to the publisher. However, the skill routes Beacon access through Membrane rather than official Beacon endpoints, relies on mutable `@latest` installs, and includes a mismatched Beacon/Estimote docs link that undermines trust. This looks more like a medium-risk third-party integration pattern than confirmed malicious behavior.