sap-c4c

SUSPICIOUS: The skill's core function is coherent with SAP C4C integration, and the CLI install path is relatively normal via npm. However, all authentication, action discovery, dynamic action generation, and SAP data access are routed through Membrane rather than official SAP APIs, creating a significant third-party trust boundary for enterprise CRM data. This is not confirmed malware, but it is a medium-risk integration skill with notable credential/data mediation and unpinned dependency concerns.