nutshell

SUSPICIOUS: the skill's basic CRM functionality is plausible, and its install path is relatively trustworthy, but its actual data flow is centered on Membrane as an intermediary. Because authentication, credential refresh, and even raw Nutshell API requests are routed through a third-party platform instead of directly to official Nutshell APIs, the skill has medium-high security risk despite low evidence of outright malware.