icontact

SUSPICIOUS: The skill's core capability matches its stated purpose, and installation uses an official npm package rather than an unverified binary. The main risk is architectural: it routes authentication and API calls through Membrane as an intermediary and enables impactful write/send/delete operations. This is proportionate for a Membrane integration skill, but users must trust third-party credential handling and proxying, and the incorrect docs link adds inconsistency.