resend

SUSPICIOUS: The skill's capabilities broadly match its purpose, and installation uses an official npm package rather than a raw download. The main concern is data-flow integrity: Resend credentials and API actions are mediated through Membrane's CLI/service instead of going directly to Resend, creating third-party credential forwarding and proxy risk. This looks more like a legitimate integration wrapper than malware, but it meaningfully expands trust and enables high-impact actions such as sending emails and managing API keys.