easy-projects

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the CLI comes from an official npm package rather than an unverified binary. However, all Easy Projects authentication and data access are funneled through Membrane as a third-party intermediary, the install is unpinned (`@latest`), and the skill can create new actions dynamically. This is not clearly malicious, but its trust and data-flow model is broader than a direct Easy Projects integration.