salestown

SUSPICIOUS: the skill is internally coherent as a Membrane-hosted Salestown integration, and its CLI comes from an official same-org npm package, so this is not strong evidence of malware. The main concern is data-flow integrity: all Salestown access, auth handling, and action execution are routed through Membrane as an intermediary, with unpinned CLI installation and possible platform-side logging increasing trust requirements.