code42

SUSPICIOUS: the skill's overall purpose matches its capabilities, and the CLI comes from an official registry package linked to the same product ecosystem, so this is not confirmed malicious. However, all Code42 access and authentication are routed through Membrane as a third-party intermediary, and the install path uses unpinned `@latest`/`npx` execution; that makes the skill medium risk despite otherwise coherent documentation.