resend

SUSPICIOUS: the skill’s purpose matches Resend management, and its install path is from an official npm package, but it routes authentication and all Resend operations through Membrane rather than direct official Resend interfaces. That third-party credential/data mediation is a meaningful trust and data-flow concern, though not confirmed malware.