akeneo
Audited by Socket on Mar 4, 2026
1 alert found:
Security
This skill is a connector wrapper that delegates authentication and API calls to the Membrane CLI/service. There is no explicit malicious code, no direct instructions to download and execute arbitrary remote scripts, and no attempts to read local secret files. The primary security concerns are supply-chain and data-exposure risks tied to installing a third-party global CLI and routing all Akeneo API traffic and credentials through Membrane's servers. If the user trusts Membrane and the @membranehq npm package, the functionality is coherent with its stated purpose. If the user cannot trust a third-party proxy to handle sensitive product data or credentials, this skill is unsuitable. Overall, this is not clearly malicious but has moderate security implications due to third-party credential handling and global install requirements.