hr-cloud

The skill is internally coherent and uses an official same-org CLI from npm, so it does not look malicious. However, it is not a direct HR Cloud integration: credentials and HR API traffic are mediated by Membrane, a third-party gateway, which creates meaningful data-flow and credential-forwarding risk for sensitive HR records. Overall this is best classified as suspicious/high-vulnerability rather than benign or malware.