mailersend

SUSPICIOUS: The skill’s purpose and capabilities are broadly aligned, and the installer appears to be the publisher’s official npm CLI rather than a random payload. The main concern is data-flow integrity: MailerSend access and authentication are mediated through Membrane, so credentials and account data are routed via a third-party service instead of directly to MailerSend. Combined with unpinned CLI execution, this makes the skill medium risk but not malicious.