lemlist

This skill is suspicious rather than overtly malicious. Its purpose matches Lemlist automation, but the actual footprint is broader than necessary because authentication, requests, and action execution are routed through Membrane's third-party CLI and proxy instead of directly to Lemlist's official API. That creates medium-high security risk from credential forwarding and intermediary data flow, though there is no clear evidence of deliberate malware or stealth.