solarwinds-service-desk

SUSPICIOUS. The skill's capabilities largely match its stated SolarWinds Service Desk purpose, and the CLI install path is same-vendor npm-based rather than an overtly malicious installer. However, all authentication and API traffic are routed through Membrane as a third-party intermediary instead of directly to SolarWinds, so credentials and service-desk data depend on an external broker. This is not clearly malicious, but it is a meaningful trust and data-flow concern that raises the skill above benign.