veeva-vault

SUSPICIOUS: The skill’s capabilities match its Veeva Vault purpose, and the CLI install path appears to be an official npm-distributed tool rather than a covert payload. The main concern is data-flow and trust expansion: Veeva access and auth are brokered through Membrane, a third-party intermediary, instead of direct calls to Veeva’s official APIs. That makes the skill coherent but higher risk than a direct integration, especially given mutable CLI installation and support for destructive actions.