unbox

SUSPICIOUS: The skill's core purpose is mostly aligned with its capabilities, and the install path uses an official npm package from the apparent publisher. However, all authenticated Unbox access is mediated through Membrane rather than direct official API endpoints, creating a third-party data and credential trust boundary, and the unrelated ARKit docs link signals documentation inconsistency.