connectall

SUSPICIOUS: The skill's capabilities mostly fit its stated ConnectALL integration purpose, and the installer is an official npm package rather than an obvious malware dropper. The main concern is data-flow integrity: all auth and API traffic are funneled through Membrane as an intermediary, not directly to ConnectALL, so the user must trust a third-party CLI/service with credentials, token refresh, and potentially sensitive ConnectALL data. This is coherent with the product design but raises medium security risk.