sesame

SUSPICIOUS: The skill’s purpose matches Sesame integration, and the CLI source appears official via npm, so this is not confirmed malware. However, the actual data flow is through Membrane as an intermediary for authentication, token refresh, and proxy requests, which is disproportionate to a plain Sesame skill and creates meaningful third-party data and credential handling risk.