fonoa

SUSPICIOUS: The skill is internally coherent as a Membrane-based Fonoa integration, and the CLI install source appears official. The main risk is architectural: Fonoa credentials and API traffic are funneled through Membrane's intermediary platform rather than direct Fonoa endpoints, plus the CLI install/run uses mutable latest versions. This is not clearly malicious, but it adds medium trust and data-flow risk beyond a direct vendor integration.