clinchpad

SUSPICIOUS: The skill is broadly coherent for a ClinchPad integration and uses an official npm-distributed Membrane CLI, so it does not show strong malware indicators. However, it routes authentication and CRM actions through Membrane instead of ClinchPad directly, enables write/delete operations, and relies on a mutable third-party CLI install, making it medium risk rather than benign.