entrust-datacard

The skill is coherent for Entrust Datacard integration and uses an official same-vendor CLI from npm, so the install path looks benign. The main risk is data-flow integrity: Entrust requests and credentials are mediated by Membrane rather than going directly to Entrust, which is a proportionate but higher-trust architecture. Overall this is suspicious from a security-review standpoint due to third-party credential/data brokering, not malicious.