ipdataco

SUSPICIOUS: The skill is mostly coherent and uses a vendor-consistent npm CLI, so it does not look malicious. However, its stated purpose is Ipdata.co access while all auth and API operations are mediated by Membrane, and the skill installs/executes an unpinned external CLI as the primary path. This is a medium-risk third-party trust and data-routing design, not clear malware.