avaza

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses an official npm-distributed Membrane CLI from the same ecosystem, so it does not look outright malicious. The main concern is architectural: all Avaza access and authentication are routed through Membrane as a third-party intermediary, plus the CLI install/runtime is unpinned. That makes this a medium-risk integration skill rather than a benign direct Avaza client.