cherwell-itsm

SUSPICIOUS. The skill's actions match Cherwell ITSM usage, and the CLI install source is legitimate npm, but the integration is not a direct Cherwell client: it requires a separate Membrane account and routes authentication and API traffic through Membrane's service. That third-party credential and data mediation is the main risk and makes the footprint less aligned with a straightforward Cherwell skill.