teamwork-desk

SUSPICIOUS: the skill's purpose matches its help-desk capabilities, and the installer appears same-vendor via npm, so this is not confirmed malware. The main issue is data-flow integrity: Teamwork Desk authentication and API activity are routed through Membrane as an intermediary service, which is disproportionate compared with a direct official API integration and creates meaningful credential-forwarding and privacy risk.