strongdm

SUSPICIOUS: the skill's stated purpose is StrongDM integration, but its real footprint is a Membrane-mediated proxy workflow. The install source is relatively legitimate (official npm package, same-vendor context), so this is not confirmed malware, but routing authentication and StrongDM data through a third-party orchestration service is a notable trust and data-flow mismatch for a service-specific skill.