lawmatics

SUSPICIOUS. The skill is broadly aligned with its stated purpose and uses an official-looking npm-distributed Membrane CLI, so it does not look outright malicious. However, all Lawmatics access, credentials, and generated actions are mediated through Membrane rather than direct Lawmatics APIs, creating meaningful third-party trust and data-flow risk; combined with unpinned CLI install and dynamic action generation, this is more than a low-risk documentation/integration skill.