pingone

SUSPICIOUS. The skill’s purpose and capabilities are mostly coherent, and the installer comes from an official registry tied to the same ecosystem, so this is not confirmed malware. However, it routes PingOne operations and credential handling through Membrane rather than directly to official PingOne APIs, creating a meaningful third-party trust and data-flow risk, compounded by unpinned CLI execution paths.