robocorp

SUSPICIOUS: the skill is coherent as a Membrane-based integration, but its actual footprint is a third-party proxy for Robocorp rather than a direct Robocorp skill. The npm install source appears legitimate for Membrane, so this is not confirmed malware, but the unpinned CLI execution and credential/data routing through Membrane make the trust and data-flow profile higher risk than a direct official integration.