outsystems

Overall suspicious rather than malicious. The skill is coherent in purpose and uses a same-brand npm CLI, but it deliberately intermediates OutSystems authentication and data through Membrane instead of direct official OutSystems APIs, creating moderate trust and data-flow risk.