ortto

SUSPICIOUS: The skill's functionality is broadly aligned with its stated Ortto integration purpose and the CLI appears to be an official same-org npm package, so this is not confirmed malware. However, all authentication and API traffic are mediated by Membrane rather than going directly to Ortto, creating a third-party credential and data handling dependency, and the skill enables impactful actions like sending messages and deleting or updating records.