procore

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI install path appears official. However, it routes authentication, credentials, and Procore data through Membrane as an intermediary platform, and it enables remote action generation/execution with potential write access to real business systems. This is not clearly malicious, but the trust and data-flow footprint is broader than a direct Procore integration and warrants medium risk.