rydoo

SUSPICIOUS: The skill’s stated purpose matches its capabilities, and the CLI install path is same-org via npm, so this is not overt malware. However, the integration is materially mediated by Membrane rather than directly by Rydoo, so Rydoo credentials, sessions, and business data are routed through a third-party platform with dynamic server-side action creation. That intermediary data flow and unpinned CLI install make the skill medium risk.