actindo

The skill’s general purpose is coherent, and its CLI install source appears consistent with Membrane’s official npm/docs presence. However, the core design routes Actindo authentication and API traffic through Membrane as a third-party intermediary, so credentials and ERP data do not flow directly to Actindo. This makes the skill more risky than a normal direct API integration: not clearly malicious, but suspicious enough to classify as medium risk due to proxy-based credential/data handling and unpinned CLI execution.