moosend

SUSPICIOUS: The skill's capabilities align with Moosend management, and the CLI appears to be the publisher's legitimate npm package, so this is not confirmed malware. However, the skill materially expands trust by requiring a Membrane account, routing auth and API traffic through Membrane, and enabling impactful actions like sending campaigns; combined with unpinned CLI install/execution, that makes the overall risk medium and the data flow less direct than the stated Moosend integration might imply.