10to8

SUSPICIOUS: The skill’s core behavior is mostly aligned with a 10to8 integration, and the CLI comes from an official npm package rather than an obviously malicious source. The main risk is architectural: all auth and data access are routed through Membrane as an intermediary, with unpinned CLI installation and server-side credential handling. This is not clearly malicious, but it increases trust and data-flow risk beyond a direct 10to8 API integration.