piano

SUSPICIOUS. The operational behavior mostly matches a Membrane-hosted integration skill and uses an official npm-distributed CLI, so this is not confirmed malware. However, the skill has a major purpose/documentation mismatch and routes authentication and API traffic through Membrane as an intermediary, which makes the footprint broader and less trustworthy than a direct Piano integration.