sendlane

SUSPICIOUS: the skill's purpose matches its capabilities, and the Membrane CLI appears to be an official product component, so this is not strongly indicative of malware. However, the skill routes all Sendlane access and credential handling through Membrane infrastructure rather than official Sendlane APIs, and it uses an unpinned third-party CLI install, creating a meaningful trust and data-flow risk.