httpsms

SUSPICIOUS. The core capability is broadly aligned with an SMS integration and the CLI installer appears to be first-party and officially distributed via npm, so this is not indicative of malware. However, the skill is inconsistent in its upstream identity because it labels HttpSMS while linking to BulkSMS docs, and it routes all access through Membrane rather than directly to the service, creating intermediary data-flow and action-execution risk. Moderate security risk, low malware likelihood.