channeladvisor

SUSPICIOUS: the skill's core purpose is coherent, and the CLI install path appears legitimate via npm, so this is not confirmed malware. But ChannelAdvisor access and data are funneled through Membrane as a third-party broker, and the skill enables consequential commerce actions with only lightweight safeguards, making the overall risk medium.