lever

SUSPICIOUS: the skill's purpose matches ATS management, and the npm-installed Membrane CLI appears to be an official same-ecosystem tool, so this is not overt malware. However, the skill routes Lever authentication and data operations through Membrane instead of official Lever APIs, requires a separate Membrane account, and supports write actions with real business impact; that third-party mediation and action scope make the overall risk medium.