flexmail

SUSPICIOUS: The skill’s capabilities align with its stated Flexmail integration purpose, and the install path uses an official npm package rather than a dubious downloader. However, all authentication and API traffic are routed through Membrane instead of directly to Flexmail, creating a third-party credential/data handling layer and medium trust risk. This looks coherent rather than malicious, but the intermediary data flow and mutable CLI install make it higher risk than a direct official API integration.