okta

SUSPICIOUS. The skill's capabilities match its stated Okta admin purpose, and the CLI comes from a plausible first-party npm package, so this is not strong evidence of malware. However, all authentication and API access are funneled through Membrane rather than direct Okta endpoints, creating a third-party trust boundary for identity data, and the skill enables sensitive admin actions with real operational impact.