cloudentity

SUSPICIOUS. The skill is internally coherent as a Membrane-based Cloudentity connector and uses an official npm-published CLI, so this is not strong malware evidence. However, it routes Cloudentity authentication and API traffic through Membrane instead of the official service directly, creating a meaningful third-party trust and data-flow risk, compounded by unpinned `@latest` installs.