duffel

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI install path appears to be official npm distribution from the same vendor. However, the skill routes authenticated Duffel activity through Membrane's intermediary service instead of directly to Duffel, creating a third-party credential and data handling dependency that is broader than a direct API integration.