sms-partner

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the CLI comes from an official npm package tied to the publisher, so this is not strong malware evidence. However, the integration routes authentication and SMS Partner access through Membrane as an intermediary rather than directly to official SMS Partner APIs, creating medium data-flow and credential-forwarding risk; use of mutable `@latest` also adds supply-chain risk.