akeneo

SUSPICIOUS. The skill is coherent with its stated Akeneo-integration purpose and uses a plausibly official CLI from npm, so it does not look malicious. However, it intentionally routes authentication and all Akeneo operations through Membrane rather than Akeneo's official API, creating a third-party credential/data intermediary and a moderate data-flow risk; the unpinned @latest install adds supply-chain exposure.