omniconvert

SUSPICIOUS. The skill is internally coherent as a Membrane-based Omniconvert integration, and the CLI install path appears to be the official npm package rather than an unverifiable payload. The main risk is architectural: all authentication and API access are routed through Membrane's hosted service and proxy instead of directly to Omniconvert, so credentials and business data are exposed to a third-party intermediary. This is disclosed and plausibly intentional, so it is not confirmed malware, but it creates a meaningful trust and data-flow risk above a direct API integration.