civicrm

SUSPICIOUS: the skill is coherent with its stated CiviCRM integration purpose, and the CLI source appears legitimate, but it routes authentication, API traffic, and CRM data through Membrane as a third-party intermediary. That expanded trust boundary and mutable `@latest` install raise meaningful security risk even without clear malicious intent.