visitor-queue

SUSPICIOUS: The skill’s main function is coherent, and the CLI install path is from an official npm package, so this is not overt malware. However, it routes Visitor Queue access, credentials, and arbitrary proxy requests through Membrane rather than directly to official service endpoints, creating a third-party trust and data-flow concern that is broader than a simple first-party integration.