cludo

SUSPICIOUS: the skill's purpose and capabilities mostly align, and the CLI install path is legitimate, but the integration routes Cludo authentication and API traffic through Membrane rather than directly to Cludo. That third-party credential and data mediation creates a meaningful trust and data-flow risk, though not strong evidence of malware.