docebo

Warn

Audited by Socket on May 2, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill's overall purpose is coherent, and the CLI comes from an official npm package rather than an obviously malicious source. However, all authentication, connection management, and action execution are funneled through Membrane instead of direct Docebo APIs, creating a third-party credential and data mediation layer; combined with mutable `@latest` installs and remote action generation, this makes the skill higher risk than a direct vendor integration.

Confidence: 87%
Severity: 58%
Audit Metadata
Analyzed At: May 2, 2026, 07:29 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fdocebo%2F@a7c11046d5113ec87ae8ebd46fb8f437074a22c1
Security Audit — socket — docebo