autodesk-bim-360

SUSPICIOUS: The skill is coherent in purpose and uses an official-looking same-publisher CLI from npm, so it is not outright malicious. However, it routes Autodesk authentication and API traffic through Membrane as an intermediary, expanding trust and data exposure beyond a direct BIM 360 integration; this makes the skill medium risk rather than benign.