vmware

SUSPICIOUS: The skill's purpose and capabilities are broadly aligned, and the CLI comes from an official npm package rather than an unverifiable binary. However, the integration routes authentication, credentials, and VMware API traffic through Membrane instead of VMware directly, creating a meaningful third-party trust and data-flow risk; mutable `@latest` installs add moderate supply-chain risk.