cherwell-itsm

SUSPICIOUS: the skill is coherent as a Cherwell integration guide, and its install source appears legitimate, but it routes authentication and Cherwell operations through Membrane rather than direct official Cherwell APIs. That intermediary design is disclosed and plausibly intended, so this is not malware, but it creates medium security and data-flow risk.