sellix

SUSPICIOUS: The skill is coherent as a Membrane-based Sellix connector, and the CLI provenance appears legitimate via npm. However, the actual data flow is not a direct Sellix integration: authentication and API traffic are brokered through Membrane, including proxy requests, which introduces notable credential-forwarding and intermediary data-flow risk. No clear malware indicators or overtly disproportionate permissions were found.