documentpro

SUSPICIOUS. The skill’s capabilities broadly match its stated purpose, and the CLI comes from an official npm package rather than an unverifiable binary. However, the integration is only possible by routing authentication and DocumentPro API traffic through Membrane as an intermediary, and the lack of official DocumentPro API documentation reduces transparency. This looks more like a legitimate but trust-heavy gateway pattern than outright malware.