mentionlytics

SUSPICIOUS. The skill's core behavior matches its stated purpose, and the CLI install source is reasonably legitimate via npm. However, the integration is not a simple direct Mentionlytics client: it requires a separate Membrane account, local Membrane auth state, and routes Mentionlytics requests and credentials through Membrane-hosted proxy/auth infrastructure. That intermediary trust boundary is clearly disclosed but increases security risk beyond a direct official API integration.