staffology

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI install path appears to be the publisher's official npm distribution rather than an unknown payload. The main risk is data-flow integrity: Staffology access and credentials are mediated by Membrane's third-party CLI/service and proxy, including potentially sensitive payroll/HR data and write operations. This is proportionate to the stated Membrane-based integration model, but it is higher trust than a direct Staffology integration and warrants medium risk.