uplead

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the Membrane CLI install path appears to be an official npm distribution. However, the actual data flow is through Membrane’s backend/proxy rather than directly to UpLead, meaning a third party handles credentials and API traffic. This is disclosed and plausibly part of the product design, so it is not malicious, but it creates medium trust and data-routing risk beyond a direct UpLead integration.