saplingai

SUSPICIOUS: The skill is broadly coherent as a Membrane-based Sapling integration and uses an official npm-distributed CLI, so there is no strong malware signal. However, all authentication and API traffic are intentionally routed through Membrane rather than directly to Sapling, making this a medium-risk third-party credential/data mediation pattern that users should understand before use.