trinet

SUSPICIOUS: The skill’s capabilities mostly match its stated TriNet integration purpose, and the CLI comes from a legitimate official npm package. The main risk is architectural: all authentication and TriNet data access are routed through Membrane, a third-party intermediary, which is broader trust than a direct official API integration and exposes sensitive HR data to an external platform. This is not confirmed malware, but it is medium risk due to third-party credential/data mediation and unpinned CLI installation.