callfire

SUSPICIOUS. The skill’s capabilities mostly match its stated CallFire integration purpose, and the CLI comes from an official npm package rather than an unverifiable binary. The main concern is data-flow integrity: CallFire access is mediated through Membrane, so credentials and data are entrusted to a third-party platform instead of going directly to CallFire’s official API. Combined with unpinned global CLI install and real-world messaging actions, this makes the skill medium risk rather than benign.