grovo

SUSPICIOUS. The skill is coherent as a Membrane-based Grovo connector and uses a same-vendor CLI from npm, so it is not overt malware. However, it routes authentication and Grovo data through Membrane rather than official Grovo APIs, creating third-party credential/data mediation and a broader trust boundary than the skill title suggests.