recruit-crm

SUSPICIOUS. The skill is mostly coherent with its stated Recruit CRM purpose and uses an official npm-distributed Membrane CLI, so this is not strong evidence of malware. The main concern is architectural: all API access and authentication are mediated by Membrane rather than going directly to Recruit CRM, creating third-party visibility and trust dependence, plus some supply-chain risk from unpinned CLI execution.