route4me

SUSPICIOUS: the core function is coherent as a Route4Me integration, and the CLI install path appears to be official npm-based rather than an opaque binary. However, the skill routes Route4Me access through Membrane as a third-party intermediary and grants broad proxy/action capability, which expands data exposure and operational impact beyond a direct official API integration. This looks more like a legitimate but medium-risk integration skill than malware.