intercom

SUSPICIOUS. The skill’s purpose and capabilities generally align with Intercom management, and the install path uses a normal npm package rather than a covert payload. The main concern is data-flow integrity: instead of calling Intercom directly, the skill funnels authentication and API traffic through Membrane’s CLI/service, making a third party an active intermediary for Intercom credentials and data. That is coherent with the product design but elevates risk and trust requirements beyond a direct API integration.