openapi-generator

SUSPICIOUS: The skill is not overtly malicious and uses an official npm package from the same publisher, but its real function is a Membrane-mediated integration rather than direct OpenAPI Generator use. The main risk is data-flow integrity: authenticated requests and credentials are handled through Membrane as an intermediary, which is disclosed but broader than the skill title suggests. Overall this is a coherent vendor-authored integration skill with moderate third-party trust and proxying risk, not confirmed malware.