reapit
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill's capabilities broadly match its stated Reapit integration purpose, and the CLI comes from an official registry rather than an unverifiable binary. The main concern is data-flow integrity and credential forwarding: all Reapit access is mediated by Membrane, a third-party platform, rather than going directly to official Reapit APIs. That is disclosed and may be legitimate for this product, but it expands trust scope and exposes CRM data and tokens to an intermediary. Overall this looks more like a legitimate but higher-trust integration wrapper than malware.
Confidence: 87%
Severity: 58%