motion

SUSPICIOUS: The skill’s purpose and capabilities are mostly aligned, and the CLI comes from an official registry with vendor-consistent documentation. However, all Motion access is mediated through Membrane rather than Motion’s official API, so user data and auth flow through a third-party platform; combined with an unpinned global CLI install, this creates medium security risk without clear evidence of malware.