emailable

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and it uses an official npm-distributed CLI rather than a raw binary. However, it introduces a third-party trust boundary by requiring a Membrane account and routing Emailable authentication and API traffic through Membrane’s platform/proxy instead of direct Emailable endpoints; combined with a mutable global `@latest` install, this creates moderate supply-chain and data-flow risk without strong signs of outright malware.