signpath

SUSPICIOUS: The skill's stated purpose is coherent, and the CLI install source is legitimate, but the actual data flow is through Membrane as a third-party intermediary rather than directly to SignPath. That makes the skill higher risk than a direct first-party API integration, though not overtly malicious.