trinet

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the install path uses an official npm package rather than a raw downloader. However, all TriNet access is mediated through Membrane, so credentials and HR data are routed through a third-party platform/proxy rather than directly to TriNet; that trust expansion is significant even if openly documented. Overall this looks like a legitimate integration skill with moderate security risk from intermediary credential/data handling and unpinned CLI usage, not confirmed malware.