copernica

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the CLI install path is a legitimate npm-based same-vendor distribution. The main concern is data-flow integrity: Copernica access is mediated through Membrane’s proxy and credential storage, so a third party sits in the auth and data path. This is disclosed and plausibly part of the product design, so it is not outright malicious, but it increases trust and privacy risk beyond a direct Copernica integration.