dromo

SUSPICIOUS. The skill is mostly coherent as a Membrane-hosted Dromo integration and uses an official npm-distributed CLI, but it introduces a third-party trust boundary: authenticated Dromo access and API traffic are routed through Membrane infrastructure instead of directly to Dromo. That is not outright malicious, but it is a meaningful data-flow and credential-handling risk compared with a direct Dromo integration.