u301

SUSPICIOUS: the skill’s core function is coherent with a Membrane-hosted U301 integration, and the CLI install path appears to be official npm distribution. However, credentials and API traffic are routed through Membrane as an intermediary, and the proxy feature enables broad authenticated requests; this is not overtly malicious, but it creates a meaningful third-party trust and data-flow risk beyond a direct U301 client.