auth0

SUSPICIOUS. The skill’s purpose is plausible, and the CLI install path is a standard npm package rather than a raw download-execute chain, so this is not confirmed malware. However, the actual data flow is indirect: Auth0 access and credentials are routed through Membrane infrastructure, which is broader than a simple Auth0 skill and creates third-party credential and data exposure. The trust model depends on Membrane’s hosted service, uses unpinned `@latest` installs, and forwards Auth0 operations through an intermediary instead of official Auth0 APIs, making the overall risk medium.