eversign

SUSPICIOUS. The core purpose is coherent for an Eversign admin skill, and the CLI install path is reasonably legitimate via npm. The main concern is that all authentication and API traffic are mediated by Membrane rather than going directly to Eversign, which introduces third-party credential/data handling and broad action capability, including destructive and email-sending operations.