getblock

SUSPICIOUS: The skill is mostly coherent with its stated GetBlock integration purpose and uses an official npm-distributed Membrane CLI, so there is no strong evidence of malware. However, it introduces a third-party trust boundary by routing GetBlock access through Membrane rather than directly to GetBlock, and it includes an unpinned `npx ...@latest` execution pattern. Risk is moderate due to proxying and delegated credential handling, not because the capability is mismatched to purpose.