capsule-crm

The Capsule CRM skill is coherently aligned with its stated purpose: it provides Capsule CRM capabilities through the Membrane CLI with OAuth-based authentication managed server-side by Membrane. The use of Membrane as the authentication/credential lifecycle manager and the use of the Membrane proxy for API calls are consistent with a centralized, developer-friendly CRM integration. The footprint is proportionate: official registry tooling (npm), standard remote API access, and credential handling centralized by the platform. There are no indications of direct credential harvesting, unverifiable binaries, or autonomous actions. Overall, the risk is low-to-moderate (securityRisk around 0.25–0.40) and falls under BENIGN with respect to the four dimensions, given proper trust in Membrane’s security model and official tooling.