espocrm

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is broadly aligned with its stated EspoCRM purpose and uses an official npm package, but it routes authentication and CRM operations through Membrane’s intermediary service instead of EspoCRM directly. That brokered data flow, combined with dynamic action creation and unpinned CLI install, creates moderate security risk without enough evidence for malicious intent.

Confidence: 87%
Severity: 57%
Audit Metadata

Analyzed At: Apr 30, 2026, 12:52 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fespocrm%2F@62c6b75c457e3d40d85669db6c1cbcaa7fa88bb2