forgerock

SUSPICIOUS: the skill is mostly coherent for a ForgeRock integration and uses an official npm-distributed Membrane CLI, but all API access and authentication are funneled through Membrane rather than directly to ForgeRock. That intermediary proxy model is a meaningful data-flow and trust expansion, making the skill higher risk than a direct official-service integration, though not clearly malicious.