sonix

SUSPICIOUS: the skill's install source is reasonably legitimate, but its core behavior routes Sonix authentication and data through Membrane as an intermediary rather than using Sonix's official API directly. That platform-mediated credential and data flow is broader than the stated Sonix integration purpose and creates meaningful third-party trust and exposure risk, though it is not confirmed malware.