mentionlytics

SUSPICIOUS. The skill’s purpose and capabilities are broadly coherent, and the CLI install path is a legitimate npm package rather than a raw downloader. The main issue is data-flow integrity: it routes Mentionlytics authentication and API activity through Membrane as an intermediary, expanding trust to a third-party platform that stores connections and executes actions on the user’s behalf. This is disclosed and may be legitimate, but it is still a medium-risk integration pattern with unpinned CLI installation and third-party credential handling.