cloudentity

SUSPICIOUS: The skill is mostly coherent and uses an official npm-distributed CLI from the apparent same vendor, so there is no strong malware signal. However, it routes Cloudentity authentication and data operations through Membrane rather than directly to official Cloudentity APIs, creating a third-party credential and data-flow trust dependency; combined with unpinned latest CLI execution, this makes the skill medium risk rather than benign.