siteleaf

SUSPICIOUS: The skill's actions mostly match its stated purpose, and the CLI install path is from a legitimate npm package rather than an unverifiable binary. However, the core integration routes Siteleaf authentication and API traffic through Membrane as an intermediary, which is a meaningful third-party data-flow and credential-handling risk that exceeds a simple direct Siteleaf client model.