inedo-otter

SUSPICIOUS. The skill’s stated purpose matches Otter management, and the CLI install path is legitimate npm-based same-vendor tooling. However, authentication, credential storage, and API traffic are routed through Membrane rather than directly to official Inedo Otter APIs, creating a meaningful third-party credential and data-brokerage risk. This looks more like a managed integration gateway than malware, but the intermediary data flow and broad proxy access make it medium risk.