hubspot-leadgenius

Overall suspicious rather than malicious. The skill largely matches its stated HubSpot/LeadGenius integration purpose and uses official-looking endpoints with ordinary PyPI dependencies, but it requests a high-privilege LeadGenius admin key for an undocumented 'rate-limit bypass' that appears disproportionate to a standard sync workflow.