ipbase

SUSPICIOUS: The skill’s core behavior mostly matches its stated Ipbase integration purpose, and the CLI comes from an official npm package under the same brand. The main concern is data-flow integrity: all Ipbase access is mediated through Membrane, an intermediary service that handles authentication and proxying, which expands trust beyond the official API. This is not clearly malicious, but it is a medium-risk third-party gateway pattern with some additional supply-chain risk from unpinned `npx @latest` usage.