burst-sms

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill is broadly coherent with its stated Burst SMS integration purpose, and the Membrane CLI comes from an official npm package rather than an unverifiable binary. However, all app access is mediated through Membrane instead of direct Burst SMS APIs, the install is unpinned, and the skill enables externally impactful actions like sending SMS and editing contact data. This is not clearly malicious, but it requires meaningful trust in a third-party platform and should be treated as medium risk.

Confidence: 88%
Severity: 52%

Audit Metadata

Analyzed At: Apr 22, 2026, 05:12 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fburst-sms%2F@828ba885d3de8b1fc42c19682d3040310f78fa3d