cyberark

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the install path is an official npm package with matching vendor documentation. The main concern is data-flow integrity: CyberArk API access is mediated through Membrane's proxy and account system, introducing a third-party intermediary for privileged-management operations. This is not confirmed malware, but it is a meaningful trust and privacy risk versus a direct CyberArk integration.