hologram

The skill is not overtly malicious and its CLI provenance is reasonably consistent with the publisher, but it is not a pure Hologram integration. Its main risk is architectural: all Hologram interactions are mediated by Membrane, a third-party platform that handles auth and action execution, creating moderate data-flow and trust-boundary concerns. Overall classification: SUSPICIOUS due to intermediary routing and broad remote-action scope, not confirmed malware.