tellent

SUSPICIOUS: The overall footprint is mostly consistent with a Tellent integration, and the CLI comes from the official npm scope. The main concern is data-flow integrity: Tellent access is mediated through Membrane's proxy and account system rather than direct official Tellent endpoints, creating third-party trust and visibility into HR data. Unpinned `@latest` installs add moderate supply-chain risk, but there is no clear evidence of malware, credential theft, or covert behavior.