crm-sync

SUSPICIOUS. The business purpose is coherent for a CRM sync skill, and the approval gate helps, but the actual execution path is under-specified: crm-sync.py and the 'CRM MCP' are not tied to any verifiable official package, repo, or vendor-documented connector. That unverifiable dependency and likely credential forwarding make the skill high risk despite otherwise plausible functionality.