inksprout

SUSPICIOUS: The skill is internally coherent for a Membrane-hosted integration and uses an official npm package, so it does not look like overt malware. However, it routes authentication and API traffic through Membrane as a third-party intermediary instead of direct official Inksprout endpoints, and its generic proxy capability broadens the data exposure surface.