fiorano-software

SUSPICIOUS. The skill is coherent in purpose and uses an official-looking npm CLI from the same publisher ecosystem, so it is not overtly malicious. However, it routes Fiorano authentication and data operations through Membrane-managed infrastructure instead of direct Fiorano APIs, creating medium trust and data-flow risk centered on third-party credential/data handling.