financialforce

SUSPICIOUS. The skill's capabilities broadly match its stated FinancialForce integration purpose, and the npm-hosted CLI appears to be the vendor's documented distribution path. However, the core design routes authentication and API traffic through Membrane's intermediary proxy instead of directly to official FinancialForce/Certinia endpoints, and it relies on an external CLI with unpinned execution examples. This is not strong evidence of malware, but it is a medium-risk third-party trust and data-routing pattern that warrants caution.