autodesk-revit

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI install path appears official via npm, so this is not overtly malicious. However, all Autodesk interaction is funneled through Membrane's managed proxy and credential layer rather than directly to Autodesk APIs, which introduces meaningful third-party data-flow and credential-forwarding risk; combined with unpinned CLI execution, this makes the skill moderately risky rather than benign.