celonis-ems

SUSPICIOUS: the skill's purpose is plausible, and the CLI source appears official, but the integration is not a direct Celonis connector. It requires trusting Membrane as an intermediary for authentication, credential handling, and data access, which is a meaningful data-flow and scope expansion relative to a plain Celonis skill. Main risk is third-party gateway dependence plus unpinned CLI install, not confirmed malware.