mendix

SUSPICIOUS. The skill is purpose-aligned and uses an official npm-distributed CLI, so it does not look overtly malicious. However, it requires a separate Membrane account and routes Mendix authentication and API traffic through Membrane’s proxy/service rather than directly to official Mendix endpoints, creating meaningful third-party credential and data-flow risk.