leadsquared

SUSPICIOUS: The skill's purpose and capabilities mostly align, and install instructions use an official npm package rather than a raw downloader. The main concern is data-flow integrity and trust scope: all LeadSquared access is routed through Membrane's third-party CLI/service instead of directly to official LeadSquared APIs. That intermediary design is not clearly malicious, but it introduces moderate security risk and broader trust than the narrow CRM-integration purpose suggests.