zuplo

SUSPICIOUS: The skill's functionality mostly matches its stated Zuplo-management purpose, and installation uses a legitimate npm package rather than a raw downloader. The main concern is data-flow integrity: this is effectively a Membrane-mediated Zuplo skill, so requests and auth lifecycle are routed through a third party instead of going directly to Zuplo. That is not inherently malicious, but it is a meaningful trust and privacy expansion that should be disclosed more clearly.