vies-api

SUSPICIOUS: the skill is mostly coherent as a Membrane-based API connector, and its CLI install path is official npm rather than an unverifiable binary. However, the actual data flow is not a direct VIES integration: authentication and requests are routed through Membrane's intermediary service, and the documentation blurs VIES vs APILayer. This is not confirmed malware, but it introduces meaningful trust and data-flow risk beyond a straightforward official API skill.