kommo

SUSPICIOUS. The skill's stated purpose is Kommo integration, but it requires a separate Membrane account and routes authentication, credentials, and CRM operations through Membrane rather than Kommo's official API directly. The install source is relatively legitimate (official npm package), so this is not confirmed malware, but the third-party credential/data mediation makes the skill materially higher risk than a direct Kommo integration.