salesblink

SUSPICIOUS. The skill's capabilities fit its stated SalesBlink integration purpose, and install instructions use an official npm package rather than a raw download-execute chain. The main concern is data-flow integrity: all access is mediated through Membrane, a third-party service, instead of calling SalesBlink's official API directly. This is disclosed and may be legitimate, but it expands trust and centralizes credentials and API traffic outside the official service boundary. Overall this is not confirmed malware, but it carries medium security risk due to intermediary credential/data routing and unpinned CLI execution.