mason

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI install source is legitimate. However, all Mason access is mediated through Membrane, including arbitrary proxy requests, so data and auth are routed through a third-party intermediary rather than directly to official Mason APIs. This is not clearly malicious, but it introduces medium security risk and warrants caution.