smsapi

SUSPICIOUS: the install path is relatively trustworthy, but the skill’s true footprint is a Membrane-mediated integration, not direct SMSAPI access. Requiring a Membrane account and routing auth/data through Membrane is broader than a normal first-party SMSAPI skill, creating medium security risk without clear evidence of malware.