drchrono

SUSPICIOUS: the skill is internally coherent and uses an official-looking npm-distributed CLI, but it routes authentication and sensitive DrChrono/PHI traffic through Membrane rather than directly to official DrChrono APIs. That third-party credential and data mediation is the main risk, especially given the sensitivity of healthcare records and the ability to perform real-world record changes.