fidel-api

SUSPICIOUS: the skill is coherent in purpose, uses an official npm package from the same vendor, and does not show overt malware or obfuscation. However, it intermediates Fidel access through Membrane infrastructure and CLI-managed connections instead of Fidel’s official direct API flow, creating meaningful credential and data-routing trust concerns. Risk is medium rather than high because the install path is official npm and the behavior is openly documented, but the third-party gateway model is broader than a minimal Fidel API skill.