snipe-it

SUSPICIOUS: the skill is coherent with its stated purpose, and the installer appears to be the publisher’s official npm package, so this is not outright malicious. However, all Snipe-IT access and authentication are routed through Membrane as a third-party intermediary, and the skill can create remote actions dynamically; this is a meaningful trust and data-flow expansion beyond a direct Snipe-IT integration.