totango

SUSPICIOUS: the skill's core purpose is plausible and its CLI comes from an official registry, but the real data flow is through Membrane as an intermediary for authentication, token refresh, and API proxying rather than direct Totango endpoints. That expanded trust boundary is proportionate to the vendor's platform model but should be treated as medium risk, not benign direct integration.