sheetsu

SUSPICIOUS: The skill's purpose is coherent, and the CLI install path is reasonably legitimate via npm, but Sheetsu access is mediated through Membrane rather than directly to Sheetsu. That third-party proxy/auth model is disclosed and may be intentional, yet it creates medium risk because user data and service credentials flow through an intermediary platform.