clicksend-sms

SUSPICIOUS: the skill is coherent with its stated ClickSend integration purpose and uses a normal npm-installed CLI, but it routes authentication and API traffic through Membrane rather than directly to ClickSend. That intermediary credential/data flow and the ability to send real-world SMS actions make the skill medium risk even without clear malware indicators.