cloudcraft

SUSPICIOUS: the skill is coherent in purpose and uses an official npm-distributed CLI, but it routes all Cloudcraft access, credentials, and action execution through Membrane as an intermediary platform rather than direct Cloudcraft APIs. That makes it higher-risk than a direct integration, though not clearly malicious or deceptive based on the provided evidence.