clockify

SUSPICIOUS: the skill's capabilities broadly match Clockify integration, and the CLI install source is a normal npm package, but the core design routes authentication and all API activity through Membrane instead of Clockify's official API. That third-party gateway is proportionate to the stated Membrane-based product model, yet it creates medium data-flow risk because Clockify access and results are mediated by an external service.