pilvio

SUSPICIOUS. The skill is internally coherent as a Membrane-based Pilvio connector, and the CLI install source appears legitimate, but the core data path routes Pilvio access through Membrane rather than directly to official Pilvio APIs. That third-party mediation of authentication and action execution creates medium security risk and trust expansion, though there is not enough evidence to call it malicious.