onfleet

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the Membrane CLI install path is an official npm distribution rather than a suspicious downloader. However, the integration routes authentication and Onfleet API traffic through Membrane’s intermediary platform/proxy instead of directly to Onfleet, creating meaningful third-party credential and data exposure; combined with broad proxy capability and unpinned `@latest` usage, this is higher-risk than a direct official API integration but not clearly malicious.