drip

SUSPICIOUS: The skill's overall footprint matches a Drip integration, and the CLI install source appears official and same-org. The main concern is data-flow integrity and trust expansion: all authenticated Drip access is mediated through Membrane, and the skill can generate and run remote actions from natural-language descriptions. This is not clearly malicious, but it is more trust-heavy than a direct official API integration and carries moderate security risk.