serply

SUSPICIOUS. The main functionality is plausible and the CLI install path appears same-vendor and official, but the skill has notable inconsistencies: mismatched CRM-style description text, unpinned CLI execution, and all Serply access is brokered through Membrane rather than direct official API calls. This is not confirmed malware, but it expands trust and data flow to a third-party intermediary and deserves medium risk treatment.