flippingbook

The skill is mostly coherent with its stated purpose, and the CLI install path appears legitimate via npm. However, it centralizes FlippingBook authentication and API traffic through Membrane's third-party platform and proxy, which creates a meaningful trust and data-flow concern. Overall this is better classified as suspicious-by-architecture than malicious.