oracle-field-service

SUSPICIOUS: the skill is coherent as an Oracle Field Service integration, and the CLI install path is official npm rather than a hidden payload, but the real integration surface is Membrane as a third-party intermediary. That means Oracle data and connection credentials are routed through Membrane-managed services, which is broader trust than the title alone suggests. Overall this looks more like a legitimate but higher-trust brokered integration than malware.