lime-crm

SUSPICIOUS: The skill is broadly aligned with CRM integration, but it routes authentication and all Lime CRM operations through Membrane rather than directly to official Lime endpoints. Because the installer is same-vendor and from npm, this is not malicious by itself; however, the third-party mediation layer, mutable CLI install, and ability to create/run generated actions make the trust footprint larger than the description suggests.