forgerock

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the CLI comes from an official npm package tied to the vendor. The main concern is data-flow integrity: ForgeRock access and authentication are mediated by Membrane rather than going directly to official ForgeRock APIs, expanding trust to a third-party service; combined with unpinned `@latest` installs, this creates medium security risk but not evidence of malware.