volterra

The skill is mostly coherent with its stated Volterra-integration purpose and uses an official npm-distributed CLI, so it is not clearly malicious. The main concern is architectural: Volterra access is mediated through Membrane, which manages credentials server-side and proxies API traffic, creating a third-party trust and data-flow dependency. Overall classification: SUSPICIOUS due to intermediary credential/data routing and broad proxy scope, but not indicative of confirmed malware.