siteleaf

SUSPICIOUS: the skill's purpose is coherent, and the CLI comes from an official npm source, but the actual integration is mediated through Membrane rather than direct Siteleaf APIs. That creates medium risk around credential forwarding, third-party data visibility, and proxy-based API access, though there is no strong evidence of malware or concealment.