jumpcloud

SUSPICIOUS. The skill’s capabilities match its stated JumpCloud integration purpose and the CLI source appears officially distributed via npm, so this is not overtly malicious. However, the skill depends on Membrane as a third-party intermediary for authentication and API proxying, meaning JumpCloud credentials and data flow through Membrane rather than directly to JumpCloud; combined with mutable `@latest` installs, this creates a meaningful but not clearly malicious trust and data-flow risk.