frameio

SUSPICIOUS: the skill is broadly coherent as a Frame.io integration and uses an official npm-distributed CLI, but its core design routes authentication and API traffic through Membrane rather than directly to Frame.io. That third-party mediation makes the data flow and trust model materially broader than a direct service integration, raising medium security risk without clear evidence of outright malware.