golioth

SUSPICIOUS: the skill's functionality matches its stated Golioth purpose, and the install path is a normal npm package rather than a black-box binary. However, all authentication, credential refresh, and API access are routed through Membrane, a third-party intermediary, expanding trust and data exposure beyond a direct Golioth integration.