kustomer

SUSPICIOUS: the skill’s core behavior is coherent for a Membrane-based Kustomer integration, and the CLI install path is a legitimate npm package. The main concern is data-flow integrity: all Kustomer authentication and API activity are mediated by Membrane, a third-party service, rather than direct Kustomer endpoints. That expanded trust boundary makes the skill medium risk, but there is no strong evidence of malware, credential theft, or hidden behavior.