voiceflow

SUSPICIOUS: The skill's core function is coherent, and the install source is an official npm package rather than a rogue binary. However, Voiceflow access is mediated through Membrane's third-party platform and CLI, so authentication, actions, and data flow through an intermediary instead of directly to Voiceflow; combined with unpinned CLI installation, this creates medium security risk despite no clear evidence of outright malware.