pipefy

SUSPICIOUS. The skill’s capabilities fit its stated Pipefy integration purpose, and the CLI comes from npm rather than an opaque binary source. However, all authenticated Pipefy access is intentionally funneled through Membrane’s infrastructure, creating a third-party credential and data intermediary that is broader than direct Pipefy API use. This is not confirmed malware, but it is a medium-risk trust-boundary expansion with moderate supply-chain and data-routing concerns.