chocolatey

SUSPICIOUS: the skill’s basic purpose is coherent, but its actual footprint is broader than a normal Chocolatey integration because all authentication and actions are mediated through Membrane, a third-party platform. The install path is moderately trustworthy (official npm/docs) yet mutable, and the data flow/credential handling rely on Membrane rather than direct Chocolatey interfaces, which raises medium security risk without constituting confirmed malware.