google-postmaster-tools

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the CLI install path is a normal npm-based same-vendor dependency rather than a clear malware pattern. However, the core data flow and auth model route Google Postmaster access through Membrane’s third-party platform instead of direct Google APIs, creating moderate credential-forwarding and data-intermediation risk that is broader than a minimal Google-only integration.