wufoo

SUSPICIOUS: the skill's stated purpose is coherent, and the install path uses an official npm package rather than a raw downloader, so this is not overtly malicious. However, it proxies Wufoo access and credential handling through Membrane instead of using Wufoo's official API directly, creating a meaningful third-party trust and data-flow risk; overall this is a proportionate but intermediary-heavy integration.