little-green-light

SUSPICIOUS: The skill is mostly coherent and uses an official npm-distributed CLI from the same vendor, so it does not look overtly malicious. However, it routes authentication, credentials, and Little Green Light operations through Membrane as a third-party intermediary rather than directly to official Little Green Light APIs, which creates meaningful trust and data-flow risk; combined with mutable @latest installs, this is better classified as suspicious than benign.