ataccama

SUSPICIOUS. The skill is coherent with its stated Ataccama integration purpose and uses an official npm-distributed Membrane CLI, so this is not confirmed malware. However, it requires a separate Membrane account and routes Ataccama authentication and API traffic through Membrane-managed infrastructure, creating a meaningful third-party credential and data-handling risk; combined with the broad proxy capability and unpinned CLI install, this elevates overall security risk above benign.