avochato

The skill is not overt malware, but it is a medium-risk third-party proxy integration. Its purpose is coherent at a high level, yet the actual footprint relies on Membrane as an intermediary for authentication, data access, and action execution instead of using Avochato's official API directly. That extra trust boundary and the ability to perform outbound messaging make it suspicious enough to warrant caution.