pipedrive

SUSPICIOUS. The skill is internally coherent for Pipedrive integration and uses an official-looking same-org npm CLI, so it is not clearly malicious. However, it routes authentication and API traffic through Membrane rather than directly to Pipedrive, requiring users to trust a third-party service with CRM credentials and data; combined with mutable CLI installs and record-modifying capability, this makes the skill medium risk.