callrail

SUSPICIOUS: the skill's purpose and capabilities are mostly coherent, and the CLI comes from an official npm package, so this is not overtly malicious. However, it introduces a third-party intermediary (Membrane) for authentication and API traffic, uses a broad proxy mechanism, and enables real-world actions like sending texts, which raises medium security risk beyond a direct CallRail integration.